Skip to content

Files

Latest commit

jogoldjogold
chore(changelog): add entry for lambda-nodejs local bundling (aws#9853)
Aug 20, 2020
697ddae · Aug 20, 2020

History

History
5411 lines (4026 loc) · 554 KB

CHANGELOG.md

File metadata and controls

5411 lines (4026 loc) · 554 KB

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

1.60.0 (2020-08-19)

⚠ BREAKING CHANGES

  • cloudfront: Distribution: .domains must be specified if certificate is provided.
  • appsync: appsync.addXxxDataSource name and description props are now optional and in an DataSourceOptions interface.
  • appsync: the props name and description in addXxxDataSource have been moved into new props options of type DataSourceOptions
  • appsync: DataSourceOptions.name defaults to id
  • appsync: DataSourceOptions.description defaults to undefined

Features

Bug Fixes

  • apigateway: access log format does not allow tokens (#9769) (a7c5c75), closes #9687
  • build: Prereq check - support paths with spaces. (9ca1d02), closes #9749
  • cfn-include: handle numbers expressed as strings in templates (#9525) (e9a4102), closes #9524
  • cli: "fancy" progress reporting not disabled on all CI systems (#9516) (97ef371), closes #8696 #8893
  • cli: CLI does not use regional endpoints (#9835) (34450b0), closes #9223
  • cli: stack monitor reads complete stack history every 5 seconds (#9795) (cace51a), closes #9470
  • cli: SynthUtils is not used (#9836) (9f1007e)
  • cloudformation-diff: DependsOn singleton arrays aren't equal to string values (#9814) (49cdb47)
  • cloudfront: all origin access identities have identical names (#9829) (ca79188), closes #9580
  • cloudfront: Distribution ignores webAclId (#9828) (366c781), closes #9635 #9824
  • cloudfront: Update Suported Security Protocol enum and set TLS_V1_2_2019 as a default version (#9738) (f6c25ad), closes #9212
  • codebuild: fails on using PR Events together with FILE_PATH filters in a FilterGroup (#9725) (fdaf6bc), closes #8867
  • codepipeline: Service Catalog action generated incorrect file path (#9773) (286ff50), closes #9767
  • eks: AMI changes in managed SSM store param causes rolling update of ASG (#9746) (44f7753), closes #7273
  • elbv2: NLB Target Group does not inherit protocol (#9331) (#9651) (171ab59)
  • lambda: compute platform missing for autocreated profiling group (#9716) (a8f4c9f)
  • lambda-nodejs: cannot bundle when entry file is named index.ts (#9724) (bb90fbe), closes #9709
  • lambda-nodejs: NodejsFunction construct incompatible with lambda@edge (#9562) (dfe2c5c), closes #9328 #9453
  • lambda-python: install rsync if necessary (#9763) (6edb6e6), closes #9704 #9349 #9582

1.59.0 (2020-08-14)

⚠ BREAKING CHANGES

  • eks: cluster.addResource was renamed to cluster.addManifest and KubernetesResource was renamed to KubernetesManifest
  • cloudfront: (cloudfront) Changed IDs for Distributions (will cause resource replacement).

Features

  • cfn-include: allow passing Parameters to the included template (#9543) (cb6de0a)
  • cfnspec: cloudformation spec v16.3.0 (#9452) (fb5068d)
  • cloudfront: Distribution support for logging, geo restrictions, http version and IPv6 (#9635) (4c62702)
  • codebuild: add support for GPU build images (#8879) (b1b4cee), closes #8408
  • codeguruprofiler: add support for ComputePlatform in ProfilingGroup (#9391) (5a64bc5)
  • ec2: CloudFormation-init support (#9065) (014c13a), closes #8788 #9063 #9063
  • eks: ability to query runtime information from the cluster (#9535) (4bc8188), closes #8394
  • synthetics: Synthetics L2 Support (#8824) (691b349), closes #7687

Bug Fixes

  • cloudfront: ensures origin groups are added with their own ID as a target (#9593) (246842f), closes #9561 #9561
  • cloudfront: Escape hatch support for Distribution (#9648) (cc229c2), closes #9620
  • codepipeline: S3 source Action with trigger=Events fails for bucketKey a Token (#9575) (43214b4), closes #9554
  • ec2: can't use imported Subnets in a SubnetSelection (#9579) (1c4eae8)

1.58.0 (2020-08-12)

Features

Bug Fixes

  • cfn-include: allowedValues aren't included when specified by a parameter (#9532) (e7dc82f)
  • codedeploy: ServerDeploymentGroup takes AutoScalingGroup instead of IAutoScalingGroup (#9252) (9ff55ae), closes #9175
  • docdb: autoMinorVersionUpgrade property was not set to true by default as stated in the docstring (#9505) (e878f9c)
  • ec2: Volume grants have an overly complicated API (#9115) (74e8391), closes #9114
  • efs: LifecyclePolicy of AFTER_7_DAYS is not applied (#9475) (f78c346), closes #9474
  • eks: clusters in a FAILED state are not detected (#9553) (d651948)
  • eks: private endpoint access doesn't work with Vpc.fromLookup (#9544) (dd0f4cb), closes #9542 #5383
  • lambda: cannot create lambda in public subnets (#9468) (b46fdc9)
  • pipelines: CodeBuild images have (too) old Node version (#9446) (bd45f34), closes #9070
  • pipelines: manual approval of changeset uses wrong ordering (#9508) (5c01da8), closes #9101 #9101

1.57.0 (2020-08-07)

⚠ BREAKING CHANGES

  • apigatewayv2: The parameter for the method bind() on IHttpRouteIntegration has changed to accept one of type HttpRouteIntegrationBindOptions. The previous parameter IHttpRoute is now a property inside the new parameter under the key route.
  • eks: The experimental eks.Cluster construct no longer supports setting kubectlEnabled: false. A temporary drop-in alternative is eks.LegacyCluster, but we have plans to completely remove support for it in an upcoming release since eks.Cluster has matured and should provide all the needed capabilities. Please comment on aws#9332 if there are use cases that are not supported by eks.Cluster.
  • eks: endpoint access is configured to private and public by default instead of just public
  • lambda.Version and apigateway.Deployment resources with auto-generated IDs will be replaced as we fixed a bug which ignored resource dependencies when generating these logical IDs.
  • core: in unit tests, the node.path of constructs within stacks created the root of the tree via new Stack() will now have a prefix Default/ which represents an implicit App root.

Related: aws/aws-cdk-rfcs#192

  • cloudfront: the property OriginBase.originId has been removed

Features

Bug Fixes

1.56.0 (2020-07-31)

⚠ BREAKING CHANGES

  • appsync: appsync prop schemaDefinition no longer takes string, instead it is required to configure schema definition mode.
  • appsync: schemaDefinition takes param SchemaDefinition.XXX to declare how schema will be configured
    • SchemaDefinition.CODE allows schema definition through CDK
    • SchemaDefinition.FILE allows schema definition through schema.graphql file
  • cloudfront: Removed origin classes from the aws-cloudfront module.
  • aws-cloudfront: Removed S3Origin and HttpOrigin from the aws-cloudfront module. Use the S3Origin and HttpOrigin classes in the aws-cloudfront-origins module instead.
  • aws-cloudfront: Renamed Origin to OriginBase.
  • cloudfront: the property Origin.domainName has been removed

Features

Bug Fixes

1.55.0 (2020-07-28)

⚠ BREAKING CHANGES

  • lambda: the bundlingDockerImage prop of a Runtime now points to the AWS SAM build image (amazon/aws-sam-cli-build-image-<runtime>) instead of the LambCI build image (lambci/lambda:build-<runtime>)
  • appsync: pipelineConfig is now an array of string instead of CfnResolver.PipelineConfigProperty for usability.
  • appsync: pipelineConfig parameter takes in string []

Features

  • appsync: grant APIs for managing permissions (#8993) (e6dca52), closes #6772 #7871 #7313
  • aws-codepipeline: experimental support for ServiceCatalog deploy action (#9214) (950e51f)
  • cfn-include: handle resources not in the CloudFormation schema (#9199) (d287525), closes #9197
  • cfnspec: cloudformation spec v16.1.0 (#9074) (d1ca04f)
  • cfnspec: cloudformation spec v16.1.0 (#9216) (d4b68d3)
  • cloudfront: new aws-cloudfront-origins module, support for ALB/NLB origins (#9209) (27ee332), closes #9207
  • cloudfront: support Lambda@Edge for behaviors (#9220) (d3e5533), closes #9108
  • lambda: official lambda build docker images (#9211) (ae0cf2a), closes #9205
  • lambda-python: introducing LambdaPython (#9182) (4cc2834)
  • route53-patterns: the route53-patterns module is now stable (#9232) (add23bf)

Bug Fixes

  • appsync: resolver unable to set pipelineConfig (#9093) (dac9bb3), closes #6923
  • cloudfront: Set MinimumProtocolVersion and SslSupportMethod when specifying distribution certificate (#9200) (f99c327)
  • cloudtrail: missing sns publish permissions (#9239) (b4339a1)
  • codepipeline-actions: CodeDeployEcsDeployAction does not properly handle unnamed Artifacts (#9147) (ac612c6), closes #8971
  • pipelines: Reduce template size by combining IAM roles and policies (#9243) (1ac6863), closes #9066 #9225 #9237
  • rds: SQL Server instance engine uses incorrect major version (#9215) (eee8689), closes #9171
  • route53-targets: Add China Partition Support for CloudFrontTarget (#9174) (52a966a)
  • stepfunctions-tasks: EvaluateExpression error when key specified multiple times (#8858) (6506327), closes #8856

1.54.0 (2020-07-22)

Features

  • autoscaling: enable group metrics collections (#7432) (9867555)
  • cloudfront: Custom origins and more origin properties (#9137) (c807ff2), closes #9106
  • cloudfront: support origin groups for failover (#8740) (345389f)

Bug Fixes

  • apigatewayv2: Invalid mapping key value (#9141) (c88ad5f)
  • core: bundling corrupts stdout (#9202) (fadad22), closes #9186
  • kinesis: unable to use CfnParameter valueAsNumber to specify retentionPeriod (#9176) (3749c2a), closes #9038
  • lambda-nodejs: permission denied on npm cache (#9167) (4327843)
  • pipelines: prevent self-mutation on asset updates (#9183) (05fc934), closes #9080
  • pipelines: standardYarnSynth cannot have custom install command (#9180) (fdfed40), closes #9162

1.53.0 (2020-07-20)

Features

Bug Fixes

  • cli: cli integ tests do not have a unique stack prefix (#9165) (968c460)

1.52.0 (2020-07-18)

⚠ BREAKING CHANGES

  • rds: the property 'version' has been changed from string to an engine-specific version class; use VersionClass.of() if you need to create a specific version of an engine from a string
  • rds: the property ParameterGroupProps.family has been renamed to engine, and its type changed from string to IEngine
  • rds: the property engineVersion in IClusterEngine changed from a string to EngineVersion
  • rds: the property engineVersion in IInstanceEngine changed from a string to EngineVersion
  • rds: the property parameterGroupFamily in IClusterEngine changed from required to optional
  • rds: the property parameterGroupFamily in IInstanceEngine changed from required to optional
  • rds: the class ClusterParameterGroup has been removed - use ParameterGroup instead
  • rds: DatabaseProxyProps.secret => DatabaseProxyProps.secrets[]
  • apigateway: defaultMethodOptions, defaultCorsPreflightOptions and defaultIntegration have been removed from SpecRestApiProps. These can be specifed directly in the OpenAPI spec or via addMethod() and addResource() APIs.
  • glue: The default location of glue data will be the root of an s3 bucket, instead of /data
  • rds: the class DatabaseClusterEngine has been replaced with the interface IClusterEngine in the type of DatabaseClusterProps.engine
  • rds: the class DatabaseInstanceEngine has been replaced with the interface IInstanceEngine in the type of DatabaseInstanceSourceProps.engine
  • rds: DatabaseClusterProps.engineVersion has been removed; instead, create an IClusterEngine with a specific version using the static factory methods in DatabaseClusterEngine
  • rds: DatabaseInstanceSourceProps.engineVersion has been removed; instead, create an IInstanceEngine with a specific version using the static factory methods in DatabaseInstanceEngine
  • rds: the property majorEngineVersion can no longer be passed when creating an OptionGroup; instead, create an IInstanceEngine with a specific version using the static factory methods in DatabaseInstanceEngine

Features

Bug Fixes

1.51.0 (2020-07-09)

Features

Bug Fixes

  • appmesh: Update enums for appmesh (#8716) (64e3d88)
  • cli: Python sample app template does not follow PEP8 (#8936) (0717919)
  • codepipeline: set correct header assignment in S3 deployment cache control (#8864) (be1094b), closes #8774
  • ec2: VpcEndpoint AZ lookup fails for AWS services (#8386) (54e5c36)
  • iam: cannot import service role with a principal in its path (#8692) (55eb7d7), closes #8691

1.50.0 (2020-07-07)

⚠ BREAKING CHANGES

  • eks: version is now a mandatory property

Features

  • apigatewayv2: http api - custom domain & stage mapping (#8027) (5e43348), closes #7847
  • autoscaling: allow setting autoscaling group name (#8853) (38d8414)
  • cfn-include: add support for retrieving Output objects from the template (#8821) (0b09bbb), closes #8820
  • custom-resources: include handler log group in error messages (#8839) (8e055d4)
  • eks: document how to add a manifest from url (#8802) (b5acfaa), closes #8340
  • eks: support cluster version pinning (#8889) (a732d14), closes #7762
  • lambda: efs filesystems (#8602) (8529387), closes #8595
  • lambda-nodejs: allow jsx and tsx entry files (#8892) (4ba20fd)
  • s3-deployment: prune - keep missing files on destination bucket (#8263) (57914c7), closes #953
  • stepfunctions: stepfunctions and stepfunctions-tasks modules are now stable! (#8912) (ae2378c), closes #6489
  • stepfunctions-tasks: task for invoking a Step Functions activity worker (#8840) (021533c)

Bug Fixes

  • apigateway: Lambda integration for imported functions (#8870) (8420f96), closes #8869
  • config: cannot scope a custom rule without configurationChanges on (#8738) (841060d)
  • core: asset bundling fails with BuildKit (#8911) (c1d4e0f)
  • eks: incorrect enableDockerBridge value when enabled (#8895) (ea0552a), closes #5786
  • eks: kubectl resources fail before fargate profiles are created (#8859) (4fad9bc), closes #8854 #8574
  • eks: missing nodegroup identity in aws-auth after awsAuth.addMasterRole (#8901) (a9c66f7), closes #7595
  • lambda-nodejs: maximum call stack size exceeded with relative entry file path (#8907) (c585e18), closes #8902
  • rds: proxy for db cluster fails with model validation error (#8896) (7d47cfb), closes #8885 #8476

1.49.1 (2020-07-02)

Bug Fixes

  • apigateway: Lambda integration for imported functions (#8870) (c017f88), closes #8869

1.49.0 (2020-07-02)

Features

Bug Fixes

  • apigateway: permission error in lambda integration when function name is modified (#8813) (f1b37ef), closes #5306
  • codebuild: project didn't have permissions to retrieve secret of image with credentials (#8845) (4326f24)
  • elasticloadbalancingv2: dualstack ALB missing default IPv6 ingress rule (#8798) (66f9634), closes #7043
  • lambda-nodejs: parcel build cannot find target (#8838) (ce7a015), closes #8837

1.48.0 (2020-07-01)

⚠ BREAKING CHANGES

  • stepfunctions-tasks: containerName is not supported as an override anymore and has been replaced by containerDefinition
  • stepfunctions-tasks: EvaluateExpression is now a construct representing a task state rather than an embedded property called task
  • backup: existing vaults that use a generated name will be replaced but existing recovery points won't be lost. The default vault removal policy is RETAIN and if it was set to DESTROY the deployment will fail because vault with recovery points cannot be deleted.

Features

Bug Fixes

  • apigateway: error defining lambda integration on imported RestApi (#8785) (05aaf42), closes #8679
  • backup: correctly validate Vault name (#8689) (07b330c)
  • backup: vault name may exceed 50 characters (#8653) (d09c121), closes #8627
  • batch: Invalid spot fleet service role (#8325) (034bc35), closes #6706
  • cli: post install warnings are not clearly visible when running cdk init (#8723) (2662db3), closes #8720
  • cli: unable to use "legacy" bootstrap with --public-access-block-configuration=false (#8755) (88f8e1e), closes #8728
  • cognito: cannot add multiple route53 targets to the same user pool domain (#8622) (32b54a5), closes #8603
  • core: bundling directory access permission is too restrictive (#8767) (1842168), closes #8757
  • eks: Helm chart timeout expects duration (#8773) (d1c2ef2), closes #8718
  • elbv2: Add missing accounts to ELBv2 Log Delivery. (#8715) (8914899)
  • rewrite: script ignores list of files (#8777) (bb514c1)
  • route53-targets: A/AAAA Alias Record to ELB cannot resolve IPv6 addresses (#8747) (87e2651), closes #6271
  • s3-notifications: broken permissions query in LambdaDestination (#8741) (10bd8e4), closes #8538

1.47.1 (2020-06-30)

Bug Fixes

1.47.0 (2020-06-24)

⚠ BREAKING CHANGES

  • stepfunctions-tasks: Dynamo* tasks no longer implementIStepFunctionsTask and have been replaced by constructs that can be instantiated directly. See README for examples

Features

Bug Fixes

  • appsync: Not to throw an Error even if 'additionalAuthorizationModes' is undefined (#8673) (6b5d77b), closes #8666 #8668
  • cli: cannot change policies or trust after initial bootstrap (#8677) (6e6b23e), closes #6581
  • cli: crash on tiny reported terminal width (#8675) (a186c24), closes #8667
  • toolkit: CLI tool fails on CloudFormation Throttling (#8711) (e512a40), closes #5637

1.46.0 (2020-06-19)

⚠ BREAKING CHANGES

  • stepfunctions-tasks: constructs for EMR* have been introduced to replace previous implementation which implemented IStepFUnctionsTask.
  • stepfunctions-tasks: sizeInGB property in VolumeSpecification has been renamed to volumeSize and is of type cdk.Size as we want to enable specifying any unit
  • stepfunctions-tasks: ebsRootVolumeSize property in EmrCreateCluster is now of type cdk.Size as we want to enable specifying any unit
  • stepfunctions-tasks: Tags in EmrCreateCluster type has changed from cdk.CfnTag[] to a map of string to string as we do not want to leak Cfn types
  • rds: the attribute securityGroupId has been removed from IDatabaseCluster, use cluster.connections.securityGroups instead
  • rds: DatabaseClusterAttributes.securityGroup has been changed to securityGroups, and its type to an array
  • rds: InstanceProps.securityGroup has been changed to securityGroups, and its type to an array
  • rds: the property engine can no longer be passed when creating a DatabaseInstanceReadReplica
  • rds: the property 'instanceClass' in DatabaseInstanceNewProps has been renamed to 'instanceType'
  • appsync: Changes way of auth config even for existing supported methods viz., User Pools and API Key.

Features

Bug Fixes

  • apigateway: deployment fails when domain name has uppercase letters (#8456) (1e6a8e9), closes #8428
  • appsync: don't mix the json result with setting variables (#8290) (7ca74e0), closes #7026
  • autoscaling: can't configure notificationTypes (#8294) (01ef1ca)
  • cli: bootstrapping cannot be retried (#8577) (cad6649)
  • cloudtrail: Invalid arn partition for GovCloud (#8248) (5189170), closes #8247
  • core: asset bundling runs as root (#8492) (6df546f), closes #8489
  • core: asset staging custom hash generates invalid file names (#8521) (4521ae3), closes #8513
  • core: cannot use container assets with new-style synthesis (#8575) (357d5f7), closes #8540
  • core: incorrect temp directory when bundling assets (#8469) (9dc2e04), closes #8465
  • core: s3-deployments don't work with new bootstrap stack (#8578) (b2006c3), closes #8541
  • ec2: can't set natGateways=0 using reserved private subnets (#8407) (d7bf724), closes #8203
  • eks: can't define a cluster with multiple Fargate profiles (#8374) (1e78a68), closes #6084
  • eks: fargate profile deployment fails with missing iam:PassRole (#8548) (d6190f2), closes #8546
  • eks: fargate profile role not added to aws-auth by the cdk (#8447) (f656ea7), closes #7981
  • elbv2: allow non-TCP protocols in NLB TargetGroup (#8525) (387c1a8)
  • rds: 'engine' is no longer required in DatabaseInstanceReadReplica (#8509) (86d84e6)
  • rds: rename 'instanceClass' in DatabaseInstance to 'instanceType' (#8507) (e35cb1a)
  • secretsmanager: rotation function name can exceed 64 chars (#7896) (24e474b), closes #7885, #8442

1.45.0 (2020-06-09)

⚠ BREAKING CHANGES

  • stepfunctions-tasks: constructs for SageMakerCreateTrainingJob and SageMakerCreateTransformJob replace previous implementation that implemented IStepFunctionsTask.
  • stepfunctions-tasks: volumeSizeInGB property in ResourceConfig for SageMaker tasks are now type core.Size
  • stepfunctions-tasks: maxPayload property in SagemakerTransformProps is now type core.Size
  • stepfunctions-tasks: volumeKmsKeyId property in SageMakerCreateTrainingJob is now volumeEncryptionKey
  • cognito: requiredAttributes on UserPool construct is now replaced with standardAttributes with a slightly modified signature.
  • rds: DatabaseClusterProps.kmsKey has been renamed to storageEncryptionKey
  • rds: DatabaseInstanceNewProps.performanceInsightKmsKey has been renamed to performanceInsightEncryptionKey
  • rds: DatabaseInstanceSourceProps.secretKmsKey has been renamed to masterUserPasswordEncryptionKey
  • rds: DatabaseInstanceProps.kmsKey has been renamed to storageEncryptionKey
  • rds: DatabaseInstanceReadReplicaProps.kmsKey has been renamed to storageEncryptionKey
  • rds: Login.kmsKey has been renamed to encryptionKey

Features

  • assert: more powerful matchers (#8444) (ed6f763)
  • cloud9: support AWS CodeCommit repository clone on launch (#8205) (4781f94), closes #8204
  • codestar: support the GitHubRepository resource (#8209) (02ddab8), closes #8210
  • cognito: allow mutable attributes for requiredAttributes (#7754) (1fabd98)
  • core,s3-assets,lambda: custom asset bundling (#7898) (888b412)
  • rds: rename 'kmsKey' properties to 'encryptionKey' (#8324) (4eefbbe)
  • secretsmanager: deletionPolicy for secretsmanager (#8188) (f6fe36a), closes #6527
  • secretsmanager: Secret.grantRead() also gives DescribeSecret permissions (#8409) (f44ae60), closes #6444 #7953
  • stepfunctions-tasks: task constructs for creating and transforming SageMaker jobs (#8391) (480d4c0)

Bug Fixes

  • apigateway: authorizerUri does not resolve to the correct partition (#8152) (f455273), closes #8098
  • apigateway: methodArn not replacing path parameters with asterisks (#8206) (8fc3751), closes #8036
  • aws-s3-deployment: Set proper s-maxage Cache Control header (#8434) (8d5b801), closes #6292
  • cognito: error when using parameter for domainPrefix (#8399) (681b3bb), closes #8314
  • dynamodb: old global table replicas cannot be deleted (#8224) (00884c7), closes #7189
  • elbv2: addAction ignores conditions (#8385) (729cc0b), closes #8328
  • elbv2: missing permission to write NLB access logs to S3 bucket (#8114) (d6a1265), closes #8113

1.44.0 (2020-06-04)

Features

  • ecs-patterns: support min and max health percentage in queueprocessingservice (#8312) (6da564d)

1.43.0 (2020-06-03)

⚠ BREAKING CHANGES

  • rds: the default retention policy for RDS Cluster and DbInstance is now 'Snapshot'
  • cognito: OAuth flows authorizationCodeGrant and implicitCodeGrant in UserPoolClient are enabled by default.
  • cognito: callbackUrl property in UserPoolClient is now optional and has a default.
  • cognito: All OAuth scopes in a UserPoolClient are now enabled by default.

Features

  • cfn-include: add support for Conditions (#8144) (33212d2)
  • cognito: addDomain() on an imported user pool (#8123) (49c9f99)
  • cognito: sign in url for a UserPoolDomain (#8155) (e942936)
  • cognito: user pool identity provider with support for Facebook & Amazon (#8134) (1ad919f)
  • dynamodb: allow providing indexes when importing a Table (#8245) (9ee61eb), closes #6392
  • events-targets: kinesis stream as event rule target (#8176) (21ebc2d), closes #2997
  • lambda-nodejs: allow passing env vars to container (#8169) (1755cf2), closes #8031
  • rds: change the default retention policy of Cluster and DB Instance to Snapshot (#8023) (2d83328), closes #3298
  • redshift: add initial L2 Redshift construct (#5730) (703f0fa), closes #5711
  • s3: supports RemovalPolicy for BucketPolicy (#8158) (cb71f34), closes #7415
  • stepfunctions-tasks: start a nested state machine execution as a construct (#8178) (3000dd5)
  • stepfunctions-tasks: task state construct to submit a job to AWS Batch (#8115) (bc41cd5)

Bug Fixes

  • apigateway: deployment is not updated when OpenAPI definition is updated (#8207) (d28c947), closes #8159
  • app-delivery: could not use PipelineDeployStackAction more than once in a Stage (#8217) (9a54447), closes #3984 #8183
  • cli: termination protection not updated when change set has no changes (#8275) (29d3145)
  • codepipeline: allow multiple CodeCommit source actions using events (#8018) (103c144), closes #7802
  • codepipeline: correctly handle CODEBUILD_CLONE_REF in BitBucket source (#7107) (ac001b8)
  • codepipeline: unhelpful artifact validation messages (#8256) (2a2406e)
  • core: CFN version and description template sections were merged incorrectly (#8251) (b7e328d), closes #8151
  • lambda: SingletonFunction.grantInvoke() API fails with error 'No child with id' (#8296) (a8b1815), closes #8240
  • rds: cannot delete a stack with DbCluster set to 'Retain' (#8110) (c2e534e), closes #5282
  • sqs: unable to use CfnParameter 'valueAsNumber' to specify queue properties (#8252) (8ec405f), closes #7126

1.42.1 (2020-06-01)

Bug Fixes

  • lambda: SingletonFunction.grantInvoke() API fails with error 'No child with id' (#8296) (b4e264c), closes #8240

1.42.0 (2020-05-27)

⚠ BREAKING CHANGES

  • cloudtrail: API signatures of addS3EventSelectors and addLambdaEventSelectors have changed. Their parameters are now strongly typed to accept IBucket and IFunction respectively.
  • cloudtrail: addS3EventSelectors and addLambdaEventSelectors can no longer be used to configure all S3 data events or all Lambda data events. Two new APIs logAllS3DataEvents() and logAllLambdaDataEvents() have been introduced to achieve this.
  • cloudtrail: The property snsTopic is now of the type ITopic.

Features

  • cfnspec: cloudformation spec v14.4.0 (#8195) (99e7330)
  • cloudtrail: create cloudwatch event without needing to create a Trail (#8076) (0567a23), closes #6716
  • cloudtrail: user specified log group (#8079) (0a3785b), closes #6162
  • codeguruprofiler: ProfilingGroup (#7895) (995088a)
  • codepipeline: use a special bootstrapless synthesizer for cross-region support Stacks (#8091) (575f1db), closes #8082
  • cognito: user pool - case sensitivity for sign in (460394f), closes #7988 #7235
  • core: CfnJson enables intrinsics in hash keys (#8099) (195cd40), closes #8084
  • eks: improve security using IRSA conditions (#8084) (35a01a0)
  • elbv2: Supports new types of listener rule conditions (#7848) (3d30ffa), closes #3888
  • secretsmanager: adds grantWrite to Secret (#7858) (3fed84b)
  • sns: add support for subscription DLQ in SNS (383cdb8)
  • stepfunctions: new service integration classes for Lambda, SNS, and SQS (#7946) (c038848), closes #6715 #6489
  • stepfunctions: support paths in Pass state (#8070) (86eac6a), closes #7181
  • stepfunctions-tasks: task for starting a job run in AWS Glue (#8143) (a721e67)

Bug Fixes

  • apigateway: contextAccountId in AccessLogField incorrectly resolves to requestId (7b89e80), closes #7952 #7951
  • autoscaling: add noDevice as a volume type (#7253) (751958b), closes #7242
  • aws-eks: kubectlEnabled: false conflicts with addNodegroup (#8119) (8610889), closes #7993
  • cli: paper cuts (#8164) (af2ea60)
  • dynamodb: the maximum number of nonKeyAttributes is 100, not 20 (#8186) (0393528), closes #8095
  • eks: unable to add multiple service accounts (#8122) (524440c)
  • events: cannot use the same target account for 2 cross-account event sources (#8068) (395c07c), closes #8010
  • lambda-nodejs: build fails on Windows (#8140) (04490b1), closes #8107
  • cloudtrail: better typed event selector apis (#8097) (0028778)

1.41.0 (2020-05-21)

Features

  • cloudtrail: create cloudwatch event without needing to create a Trail (#8076) (0567a23), closes #6716
  • cognito: user pool - case sensitivity for sign in (460394f), closes #7988 #7235
  • core: CfnJson enables intrinsics in hash keys (#8099) (195cd40), closes #8084
  • secretsmanager: adds grantWrite to Secret (#7858) (3fed84b)
  • sns: add support for subscription DLQ in SNS (383cdb8)
  • stepfunctions: new service integration classes for Lambda, SNS, and SQS (#7946) (c038848), closes #6715 #6489

Bug Fixes

  • apigateway: contextAccountId in AccessLogField incorrectly resolves to requestId (7b89e80), closes #7952 #7951
  • autoscaling: add noDevice as a volume type (#7253) (751958b), closes #7242

1.40.0 (2020-05-20)

Features

1.39.0 (2020-05-15)

⚠ BREAKING CHANGES

  • cognito: An invalid template placeholder has been removed from the default verification email body in a user pool.

Features

  • apigateway: create RestApi from an OpenAPI spec (31014ca), closes #4421
  • apigateway: import existing VpcLink (#7811) (7b42f7f), closes #4178
  • initial version of an improved CloudFormation template include experience (0132251), closes #3537
  • apigateway: specify API key name and value in addApiKey() (#7714) (e93da2c), closes #3233 #7767
  • apigatewayv2: HTTP API - configure CORS preflight (#7923) (9f35104), closes #7922
  • cognito: user pool client - prevent user existence errors (c7f15f2), closes #7406
  • dynamodb: support for Customer-managed CMK (#7425) (ff8219b), closes #7142
  • ec2: lookup available AZs for Interface Endpoints (9fa3221)
  • events-targets: support multiple security groups for an ECS task (#7857) (c6504e6), closes #3312
  • init/java: model CDK version in property in Maven POMs (#7931) (ce5b8fb), closes #7862

Bug Fixes

1.38.0 (2020-05-08)

Features

  • cloudfront: support geo restrictions for cloudfront distribution (#7345) (cf25ba0), closes #3456
  • cloudwatch: legend positions in GraphWidgets (ada0de1), closes #3625
  • codebuild: add support for test reports (4befefc), closes #7367
  • core: custom resource provider helper (4a76973)
  • ec2: EBS volume configuration for BastionHostLinux (207a8ec), closes #6945
  • ecs: support multiple security groups when creating an ecs service (#7850) (456c469)
  • iam: openid connect providers (20621ac), closes #5388 #3949 #6308
  • add an example construct package (#7748) (2223584)
  • lambda-nodejs: run parcel in a docker container (d86e500), closes #7169
  • cloudformation spec v14.1.0 (#7822) (e133027)
  • s3: new s3UrlForObject method on IBucket (#7508) (8fe4015), closes #7507
  • stepfunctions: custom state as an escape hatch (c498f60)

Bug Fixes

  • assets: invalid fingerprint when 'exclude' captures root directory name (#7719) (a5c06a3), closes #7718
  • aws-batch: gpuCount was ignored in JobDefinition creation (#7587) (0f1bf23)
  • cli: parameter value reuse is not configurable (44310c9), closes #7041
  • core: docs refer to "createNamingScheme" which was renamed to "allocateLogicalId" (#7840) (d79595d), closes #7527
  • ecs: update minHealthyPercent constrain for ec2service using daemon strategy (#7814) (19e3fd8)
  • ecs: using secret JSON field with fargate task does not fail (#7317) (cb03a60), closes #7272
  • eks: "vendor response doesn't contain attribute" when updating version (#7830) (8cabae0), closes #7526 #7794
  • s3: grantDelete with KMS SSE (#7528) (c6d1a21), closes #4380
  • secretsmanager: add kms policy to allow secret to use kms key (5460717)

1.37.0 (2020-05-05)

⚠ BREAKING CHANGES

  • amplify: mapSubDomain() called with an empty string for prefix now maps to the domain root.

Features

Bug Fixes

  • amplify: cannot map branch to domain root (#7621) (da7c508), closes #7590
  • cdk-assets: assets archiving corruption (#7653) (f8eddb8), closes #6925
  • cli: cdk deploy cannot update stacks in REVIEW_IN_PROGRESS status (#7731) (a52b3e3), closes #6674
  • cli: CLI can't be used in Lambda Function (0e96415), closes #7530
  • cli: CLI ignores profile in cdk.json (#7398) (6784dc3), closes #3007
  • cloudwatch: Alarm can't use MathExpression without submetrics (b59aed0), closes #7155
  • ec2: new Instance fails in lookup Vpc (3161de8), closes #7580
  • ec2: Vpc.fromLookup() does not work in unit tests (e869a0d), closes #6045
  • ec2: can't add VPN connections to a VPC progressively (9498e05)
  • ec2: default gateway endpoint fails without private subnets (c475783), closes #7619
  • ec2: NAT instances don't route ICMP or UDP (a93534f), closes #7459
  • eks: impossible to define multiple spot capacities (be6666b), closes #7136 #7524
  • eks: missing required permission for fargate profile (723813f), closes #7614
  • eks: ssm path for amazon linux 2 gpu ami is invalid (#7672) (5861d18), closes #6891
  • iam: principal with implicit conditions overwrite each other (e72c353), closes #3227
  • logs: grants don't work on imported LogGroups (5a1a929), closes #7096
  • rds: Cluster does not work with imported VPC (#7666) (95c66a7), closes #6115

1.36.1 (2020-04-29)

Bug Fixes

1.36.0 (2020-04-28)

⚠ BREAKING CHANGES

  • stepfunctions-tasks: payload in RunLambdaTask is now of type TaskInput and has a default of the state input instead of the empty object. You can migrate your current assignment to payload by supplying it to the TaskInput.fromObject() API

Features

  • apigateway: gateway responses (#7441) (b0a65c1), closes #7071
  • aws-ecs: add support for IPC and PID Mode for EC2 Task Definitions (1ee629e), closes #7186

Bug Fixes

  • apigateway: authorizer is not attached to RestApi across projects (#7596) (1423c53), closes #7377
  • cli: can't bootstrap environment not in app (9566cca)
  • cli: context keys specified in cdk.json get moved to cdk.context.json (022eb66), closes #7399
  • dynamodb: grant() is not available on ITable (#7618) (3b0a397), closes #7473
  • dynamodb: grantXxx() does not grant in replication regions (98429e0), closes #7362
  • eks: version update completes prematurely (#7526) (307c8b0), closes #7457
  • stepfunctions-tasks: cannot specify part of execution data or task context as input to the RunLambda service integration (#7428) (a1d9884), closes #7371

1.35.0 (2020-04-23)

⚠ BREAKING CHANGES

  • assets: cdk deploy now needs s3:ListBucket instead of s3:HeadObject.
  • efs: Exported types no longer have the Efs prefix.
  • efs: provisionedThroughputInMibps property is renamed to provisionedThroughputPerSecond and has the type Size.
  • efs: The property fileSystemID is now renamed to fileSystemId in the now named FileSystemAttributes (previously, EfsFileSystemAttributes).
  • efs: LifecyclePolicyProperty is now renamed to LifecyclePolicy.

Features

  • backup: Vault, Plan and Selection (#7074) (c8aa92d)
  • cfnspec: cloudformation spec v13.0.0 (#7504) (6903869)
  • cloudtrail: Lambda Function data events (4a70138)
  • cognito: user pool domain (#7224) (feadd6c), closes #6787
  • stepfunctions: retrieve all reachable states from a given state in a state machine definition (#7324) (ac3b330), closes #7256

Bug Fixes

1.34.1 (2020-04-22)

Bug Fixes

  • cli: Javascript init-templates cannot be synthesized (ce4b8dd), closes #7356

1.34.0 (2020-04-21)

⚠ BREAKING CHANGES

  • glue: DateFormat constant names are now UPPERCASE (JSON, AVRO, LOGSTASH, ...)

Features

Bug Fixes

  • cloudwatch: can't override Alarm statistic with percentile (d5918c3), closes #7341
  • glue: DataFormat constants are not visible in non-JS languages (#7458) (e5d4c31)
  • monocdk: assert package has incorrect imports (#7404) (825c9e1)
  • stepfunctions-tasks: encryptionKey is Key instead of IKey (#7429) (f1e2c67)

1.33.1 (2020-04-19)

Bug Fixes

  • jsii version conflict due to upgrade from v1.1.0 to v1.3.0 (f2fdfe5), closes #7426

1.33.0 (2020-04-17)

⚠ BREAKING CHANGES

  • kinesis: grantRead() API no longer provides permissions to kinesis:DescribeStream as it provides permissions to kinesis:DescribeStreamSummary and kinesis:SubscribeToShard in it's place. If it's still desired, it can be added through the grant() API on the stream.
  • kinesis: grantWrite() API no longer has DescribeStream permissions as it has been replaced by ListShards for shard discovery

Features

  • cfnspec: cloudformation spec v12.2.0 (#7248) (1475d5a)
  • Support AppSync DataSource type: NONE (f35a4db)
  • cfnspec: cloudformation spec v12.3.0 (#7359) (a80918f)
  • ec2: expose blockDevices in CommonAutoScalingGroupProps (#7291) (5fe4480)
  • ec2: filtering selected subnets by availability zone (2d3e612)
  • eks: support a new option to create bottlerocket capacity. (e9f691f), closes #7268
  • kinesis: grantRead now allows the ListShards action and grant is now public (#6141) (563fba4), closes #3357
  • kinesis: add grant API to IStream to add permissions to a Stream (#7354) (c223406)
  • kinesis: the aws-kinesis module is now stable (#7349) (4ab3ffa), closes #5874
  • update "constructs" to 3.x (#7408) (8f8d20f), closes #6978

Bug Fixes

1.32.2 (2020-04-10)

Bug Fixes

  • cli: profile AssumeRole credentials don't work via proxy (#7292)

1.32.1 (2020-04-09)

Bug Fixes

  • iam: new IAM Condition type is unusable in Java (#7270) (85f606a)

1.32.0 (2020-04-07)

⚠ BREAKING CHANGES

  • cognito: UserPoolClient construct no longer has the property userPoolClientClientSecret. The functionality to retrieve the client secret never existed in CloudFormation, so this property was not working in the first place.
  • cognito: The userPoolClientName property on the UserPoolClient construct will throw an error if client name was not configured on the UserPoolClient during initialization. This property was previously incorrectly configured and was returning a not-implemented message from CloudFormation every time.
  • amplify: use the sourceCodeProvider prop to connect your app to a source code provider. The props repository, accessToken and oauthToken do not exist anymore in AppProps.
  • kinesis: retentionPeriodHours is now retentionPeriod and of type Duration
  • eks: Cluster now creates a default managed nodegroup as its default capacity. Set the new cluster property defaultCapacityType to DefaultCapacityType.EC2 to preserve EC2 as its default capacity.
  • cognito: add*Trigger() methods to configure lambda triggers has now been replaced by a single addTrigger() method.
  • cognito: addTrigger() method will fail if a trigger was already configured for that user pool operation.
  • iam: methods accepting iam conditions now requires passing {[key: string]: any} instead of plain any. You were always supposed to pass a map/dictionary in these locations, but the type system didn't enforce it. It now does.

Features

Bug Fixes

  • acm-certificatemanager: DnsValidatedCertificateHandler support for SubjectAlternativeNames (#7050) (a711c01), closes #4659

  • aws-ecs-patterns: revert commit f31f4e1 (#6987) (0af2d2e)

  • aws-kinesis: test assume order between stacks (#7065) (17aab37)

  • cli: can't use credential providers for stacks with assets (#7022) (afd7045), closes #7005

  • cloudtrail: include s3KeyPrefix in bucket policy resource (#7053) (b49881f), closes #6741

  • cognito: user pool - passwordPolicy.minLength is not optional in all cases (#6971) (49cdd8f)

  • dynamodb: cannot use attribute as key in a GSI, non-key in another (#7075) (a6bd34f), closes #4398

  • ecs: default Service throws in a VPC without private subnets (#7188) (0ef6a95), closes #7062

  • events: Batch target does not work (#7191) (6f00783), closes #7137

  • kinesis: retention period does not use Duration type (#7037) (1186227), closes #7036

  • rewrite-imports: incorrect main in package.json (#7021) (2bf85b3)

  • stepfunctions-tasks: batch job - can not use task input as array size (#7008) (923d2a1), closes #6922

  • stepfunctions-tasks: confusion between multiple ways to run a Lambda (#6796) (7485448), closes #4801

  • cognito: clean up and document triggers (#6816) (32834cb)

1.31.0 (2020-03-24)

⚠ BREAKING CHANGES

  • .NET Core v3.1 is required with JSII v1.1

Features

Bug Fixes

  • acm: Allow tokens as a part of the hosted zone name (#6685) (acfb6ef), closes #6133

  • aws-ecs-patterns: only create an A record if LB is public (#6895) (f31f4e1), closes #6702

  • cdk-assets: context path not honored by Docker asset build (#6957) (1edd507), closes #6954 #6814

  • cloudwatch: unhelpful error when reusing metric IDs (#6892) (60253a3)

  • cognito: user pool - link style email verification fails to deploy (#6938) (b5c60d5), closes #6811

  • ec2: spelling error in Instance's subnet selection logic. (#6752) (564561a)

  • iam: immutable role cannot be used as a construct (#6920) (56be032), closes #6885

  • .NET Core 3.1 is required with JSII v1.1 (#6951) (24f12d6)

1.30.0 (2020-03-18)

Features

  • cloudwatch: standard set of graph colors (#6747) (97ae931)

Bug Fixes

1.29.0 (2020-03-18)

🚀 To enable new CDK projects such as CDK for Kubernetes, we have released the constructs programming model as an independent library called constructs. The @aws-cdk/core.Construct class is now a subclass of the base constructs.Construct.

⚠ BREAKING CHANGES

  • cognito: UserPoolAttribute has been removed. It is no longer required to defined a UserPool.
  • ec2: if you implemented a custom subclass of IMachineImage it must now always return a userData object.

Features

  • cli: add permissions to the bootstrap action role for cdk deploy (#6684) (52fd078)
  • codebuild: add support for Source Credentials (#6722) (a6e2d28)
  • cognito: user pool - custom & mandatory standard attributes (#6487) (6dfb677), closes #1747
  • cognito: user pool - MFA, password policy and email settings (#6717) (cc35dad)
  • core: the "constructs" module (#6623) (eded95b)
  • ec2: availabilityZone is optional when importing subnet (d10fe67), closes #6607
  • lambda-event-sources: failure handling for stream event sources (#5929) (5028009), closes #5236

Bug Fixes

  • aws-ecs-pattern: allow ScheduledTaskBase to run on a public subnet (#6624) (b9a1408), closes #6312
  • SecretValue.secretManager validates non-ARN ids do not contain : (#6371) (7cb8c3f)
  • aws-logs: remove validation of retentionInDays for unresolved tokens (#6727) (43a3420), closes #6690
  • ec2: MachineImages create appropriate UserData (7a10f0f)

1.28.0 (2020-03-16)

⚠ BREAKING CHANGES

  • batch: computeEnvironments is now required
  • batch: the allocationStrategy property was moved from ComputeEnvironmentProps to the ComputeResources interface, which is where it semantically belongs.
  • custom-resources: getDataString was renamed to getResponseField.
  • custom-resources: getData was renamed to getResponseFieldReference.
  • custom-resources: catchErrorPattern was renamed to ignoreErrorCodesMatching. In addition, a few synth time validations were added when using this property. See Error Handling for details.
  • custom-resources: policyStatements property was removed in favor of a required policy property. Refer to Execution Policy for more details.

Features

Bug Fixes

  • apigateway: type mismatch in C# when setting identitySources (#6649) (2d3e7b1), closes #6538 40aws-cdk/aws-apigateway/test/authorizers/integ.request-authorizer.ts#L26
  • batch: computeEnvironments is now required for JobQueue (#6616) (0b6c865), closes #6615
  • batch: managed compute environment now properly works with compute resources and instanceRole has correct docstring and type definition (#6549) (4e81334)
  • certificatemanager: Route53 endpoint cannot be set and does not work for aws-cn (#6480) (9858cdb)
  • cli: codepipeline cloudformation action in cross account fail writing outputArtifacts (#6594) (05cf78b)
  • cloudwatch: missing LessThanLowerOrGreaterThanUpperThreshold (#6597) (9731555)
  • codepipeline-actions: use IBaseService instead of BaseService in EcsDeployActionProps (#6412) (bed5357)
  • eks: cannot upgrade version of clusters with an explicit name (#6064) (1dd7104)
  • eks: sporadic broken pipe when deploying helm charts (#6522) (03df1f1), closes #6381
  • iam: cannot add multiple conditions using same operator (348a952)

1.27.0 (2020-03-03)

⚠ BREAKING CHANGES

  • cognito: UserPool.fromUserPoolAttributes() has been replaced by fromUserPoolId() and fromUserPoolArn().
  • cognito: IUserPool no longer contains userPoolProviderName and userPoolProviderUrl.
  • cognito: The property signInType of UserPool has been renamed to signInAliases and given a new type SignInAliases. The list of sign in types are now specified via boolean properties.
  • cognito: The property usernameAliasAttributes of UserPool has been dropped and its functionality merged with the signInAliases property.
  • cognito: The property autoVerifiedAttributes for UserPool is now renamed to autoVerify and its default has now changed. The new default is now determined by the value of signInAliases.
  • appsync: Configuration the user pool authorization is now done through the authorizationConfig property. This allows us to specify a default authorization mode out of the supported ones, currently limited to Cognito user pools and API keys.
  • custom-resources: physicalResourceId and physicalResourceIdPath were unified to a concrete type under the physicalResourceId property. Use PhysicalResourceId.fromResponse and PhysicalResourceId.of factory functions to specify it.

Features

Bug Fixes

  • assert: haveResourceLike and countResourcesLike compatibility (#6202) (86c04f3)
  • cli: fast "no-op" deploys do not consider tags (#6472) (5de87c1), closes #6463
  • codepipeline: an action's role imported in a different stack adds a dependency to the CodePipeline stack (#6458) (86ea564)
  • codepipeline: automatically named artifacts could contain illegal characters from stage/action names (#6460) (34aaca4)
  • core: adds enableVersionUpgrade property to CfnUpdatePolicy (#6434) (f8cacb9), closes #6158
  • custom-resources: AwsCustomResource with delete only action fails (#6363) (61a99e7), closes #6061
  • docker: cannot use cdk docker assets as base image (#6471) (983dd40), closes #6466
  • rds: setting timezone on DatabaseInstance causes internal failure (#6534) (9e2ac91), closes #6439
  • stepfunctions: valid reference path '$' fails with an error (#6483) (221c83b), closes #6388

1.26.0 (2020-02-25)

⚠ BREAKING CHANGES

  • apigateway: the interface now accepts endpointconfiguration property instead of endpoint type as defined by cfn
  • lambda-nodejs: parcel-bundler v1.x is now a peer dependency of @aws-cdk/aws-lambda-nodejs. Please add it to your package.json.

Features

  • apigateway: expose endpointconfiguration to include vpcEndpointIds (#6078) (99de6ca), closes #6038
  • apigateway: lambda request authorizer (#5642) (031932d)
  • appsync: mapping template for lambda proxy (#6288) (f865d5e)
  • batch: add JobQueue, ComputeEnvironment and JobDefinition constructs (c8a22b1)
  • cdk-assets: asset uploading tool (c505348)
  • cli: faster "no-op" deployments (#6346) (d4a132b), closes #6046 #2553 #6216
  • cfn: CloudFormation Resource Specification 11.1.0 (#6424) (ab9b77c)
  • cognito: user pool verification and invitation messages (#6282) (faf6693)
  • ecs-patterns: create dlq when queue is not provided for QueueProcessingService (#6356) (e307d7f)
  • kms: trustAccountIdentities avoids cyclic stack dependencies (03f4ef2)
  • rds: attach description to database secret (d5a4854)
  • sns: support multiple tokens as url and email subscriptions (#6357) (e5493bd), closes #3996
  • ssm: add ability to specify SSM Parameter tier (#6326) (9209ef6)

Bug Fixes

  • aws-ecs: propagate dnsTtl property part of cloudMapOptions (#6370) (747bdb2), closes #6223
  • cli: cdk deploy hangs when stack deployment fails (#6433) (4b11d99)
  • cli: Python init templates are missing .gitignore file (#6350) (cd6cd42), closes #5566
  • core: top-level resources cannot use long logical ids (#6419) (2a418b9), closes #6190 #6190
  • ecs: support file as firelens config type (#6322) (f9996f3)
  • lambda: erroneous inline code support for ruby (#6365) (8e21e78), closes #6302
  • lambda-nodejs: parcel is too big to bundle (a93e4d5), closes #6340

1.25.0 (2020-02-18)

⚠ BREAKING CHANGES

  • appsync: Changes MappingTemplate.dynamoDbPutItem() to accept PrimaryKey and AttributeValues, which allow configuring the primary key and to project an object to a set of attribute values.

Features

  • appsync: more general mapping template for DynamoDB PutItem (#6236) (e9937d3), closes #6225
  • aws-applicationautoscaling: support Lambda and Comprehend (#6191) (bdab747)
  • cfn: update CloudFormation spec to v11.0.0 (#6311) (ea272fa)

Bug Fixes

1.24.0 (2020-02-13)

Features

  • assert: add countResourcesLike method (#6168) (491e2d9)
  • cx-api: clean up features.ts (#6181) (efd6f3d), closes #6098
  • dynamodb: add metrics for dynamodb table (#6149) (295391e)
  • dynamodb: global tables version 2019.11.21 (#5821) (8c0c2b1), closes #5752
  • ec2: smarter default for VPN route propagation (#6071) (5dd8aca), closes #6008
  • ec2: VPC flow logs (a2fddec), closes #3493
  • iam: add ability to create IAM role descriptions (cee8825)
  • iam: descriptions for IAM Roles (a1294d3)
  • cfnspec: update CloudFormation spec to 10.5.0 (#6195) (47a9949)
  • iam: lookup ManagedPolicy via ARN (2df2023), closes #6186
  • lambda: expose function.deadLetterQueue (6656047), closes #6170
  • step-functions: grantStartExecution available on imported StateMachine (5ae81cd), closes #6173
  • stepfunctions: EMR service integrations (c69b6d2), closes #5224

Bug Fixes

  • cli: truncated 'cdk diff' output in pipes (aba1485)
  • apigateway: deployment fails when Model's contentType is not specified (#6199) (0bf1403), closes #6161
  • apigateway: stack deployment fails when a Stage is explicitly specified (#6165) (879601e), closes #6068
  • cli: wrongly assume aws config file always exists (#6196) (23f8b9f)
  • codebuild: badge is not allowed for CodeCommit sources (#6211) (433d957), closes #6205
  • ec2: onePerAz does not work for looked-up VPCs (3332d06), closes #3126
  • ecs-patterns: allow imported load balancers as inputs (7f8c90d)
  • elasticloadbalancingv2: logAccessLogs in Base Load Balancer (#6197) (adbc3b9), closes #3794
  • elbv2: validate rule priority is a positive number (#6222) (1fbaafe), closes #3794
  • kms: add TagResource & UntagResource IAM permissions to default key policy (#6125) (e65a326), closes #6102

1.23.0 (2020-02-07)

Features

Bug Fixes

  • assets: add exclude glob patterns to calculating fingerprint for staging (#6085) (d9a043b), closes #5238
  • aws-s3-deployment: fix server side encryption parameters (#6006) (c7197c0), closes #6002
  • cli: colored text is unreadable when using light themes (#5250) (b4573ef)
  • cli: parse equals sign in context values (#5773) (667443c), closes #5738
  • codepipeline: manual approval action doesn't have configuration without a topic (#6106) (a63cbf8), closes #6100
  • cognito: standard attr timezone unexpectedly creates custom attr (#5973) (acf3ffc)
  • ec2: add MachineImage factory, document instance replacement (#6065) (435d810), closes #5675 #6025
  • ec2: private DNS for custom endpoints has incorrect default (d681d96)
  • ecr-assets: docker images are not built if .dockerignore includes an entry that ignores the dockerfile. (#6007) (e7ef5e5)
  • ecs: fix splunk-sourcetype (#6128) (6456a7c)
  • ecs-patterns: queue service grant permission automatically (#6110) (0d0794e)
  • ecs-patterns: remove duplicated schedule property for scheduled task pattern (#6101) (15b6aa7)
  • eks: missing VPC permissions for fargate profiles (#6074) (0a586fc)
  • glue: Make Glue Database locationUri optional. (#5784) (a065169), closes #5268 #5268 #5268 #5268
  • iam: policies added to immutably imported role (#6090) (f1f5319), closes #5569 #5943
  • init-templates: JavaScript, TypeScript, and Python init templates are broken in 1.21.0 (#5989) (505c91e), closes #5986
  • route53: CaaAmazonRecord ignores recordName (#6027) (16f9721), closes #5764
  • route53: correct import example in README.md (#5946) (ed71931)
  • s3-deployment: passing any system metadata causes lambda to fail on "Unknown options:" when invoking aws cli. (#6086) (b30add8)

1.22.0 (2020-01-23)

⚠ BREAKING CHANGES

  • eks: (experimental module) the Mapping struct was renamed to AwsAuthMapping.
  • core: Arn.parseArn now returns empty string for nullable Arn components. Users who were depending on an undefined value will now receive the falsy empty string.
  • ecr-assets: all docker image assets are now pushed to a single ECR repository named aws-cdk/assets with an image tag based on the hash of the docker build source directory (the directory where your Dockerfile resides). See PR #5733 for details and discussion.
  • autoscaling: AutoScaling by using scaleOnMetric will no longer force the alarm period to 1 minute, but use the period from the Metric object instead (5 minutes by default). Use metric.with({ period: Duration.minute(1) }) to create a high-frequency scaling policy.

Features

  • apigatewayv2: fork APIGatewayV2 into its own package (#5816) (d58667e)
  • cloudformation: upgrade the CloudFormation resource specification to v10.3.0 (#5882) (e5e4725)
  • ecr-assets: simplify docker asset publishing (#5733) (b52b43d), closes #3463 #5807
  • eks: fargate profiles (#5589) (450a127), closes #5303
  • lambda: allow inline code for nodejs12.x runtime (#5710) (a1cd743)
  • lambda-destinations: option to auto-extract the payload when using LambdaDestination (#5503) (321372f)
  • route53-targets: Add aws-route53-targets/InterfaceVpcEndpointTarget (#4868) (6969562)
  • bump JSII to version 0.21.2 (#5919) (dd18456)

Bug Fixes

  • apigateway: LambdaRestApi fails when a user defined Stage is attached (#5838) (05719d7), closes #5744
  • autoscaling: can't use MathExpression in scaleOnMetric (d4c1b0e), closes #5776
  • SecretsManagerRDSPostgreSQLRotationMultiUser not working (49032ee)
  • autoscaling: can't use block devices (fee1324), closes #5868
  • core: allow empty string components in parseArn (#5875) (5ed5eb4), closes #5808
  • lambda: setting log retention to INFINITE causes failure (#5876) (19ed739)
  • route53: incorrect domain name produced when using HTTPS in ApplicationLoadBalancedFargateService (#5802) (5ba5a5e)

1.21.1 (2020-01-16)

Bug Fixes

  • ecr-assets: cannot build docker images outside the source tree (i.e. against a cdk.out directory) (#5836) (6bc8ecc), fixes (#5807)
  • cli: cdk init fails if run under a directory where cdk.json exists, reverts (#5772) due to an issue which will be fixed in a subsequent version (#5836) (da9c626) , fixes (#5826)

1.21.0 (2020-01-15)

Features

Bug Fixes

  • acm: DnsValidatedCertificate in non-aws partitions (#5771) (e3305d8)
  • apigateway: authorizer name is not optional (#5731) (21c425e), closes #5678
  • apigateway: unable to associate RestApi as a route53 target for late bound domains (#5555) (c02741e)
  • cli: Fix various init templates & their tests (#5693) (a85da79)
  • cli: proxy support is broken (#5803) (3a63f57), closes #5743 #5791
  • cloudformation: nested stack example in readme is broken (#5729) (c53356a), closes #5686
  • cloudwatch: cross-account metrics in env-agnostic stack (#5775) (5292bd5), closes aws/aws-cdk#5628
  • codepipeline: Action.onStateChange() has wrong detail type (#5721) (8686dd5), closes #3614
  • custom-resources: missing physical resource id for delete calls (#5805) (9b7236a), closes #5796
  • ecr-assets: unable to use one Dockerfile to build multiple images (#5705) (ff3f27f), closes #5683
  • ecs: cannot separate Cluster and Ec2Service behind ALB (#5813) (eb3c517)
  • glue: empty string in Table.s3prefix is not undefined (#5783) (18e15de), closes #5763
  • iam: can't use OrganizationPrincipal for assuming Role (#5746) (6c3d4c4), closes #5732
  • rds: pass the ARN of master instead of its ID in DatabaseInstanceReadReplica (#5702) (d323c0c), closes #5530

1.20.0 (2020-01-07)

⚠ BREAKING CHANGES

  • autoscaling: AutoScalingGroups without desiredCapacity are now initially scaled to their minimum capacity (instead of their maximum capaciety).
  • rds: addRotationSingleUser(id: string, options: SecretRotationOptions) is now addRotationSingleUser(automaticallyAfter?: Duration)
  • glue: InputFormat. TEXT_INPUT_FORMAT has been renamed to TEXT. OutputFormat. HIVE_IGNORE_KEY_TEXT_OUTPUT_FORMAT has been renamed to HIVE_IGNORE_KEY_TEXT

Features

Bug Fixes

1.19.0 (2019-12-17)

⚠ BREAKING CHANGES

  • route53: the value of hostedZoneId will no longer include /hostedzone/ prefix and only includes the hostedZoneId when using HostedZone.fromLookup or fromHostedZoneAttributes
  • cloudfront: (experimental module) S3OriginConfig.originAccessIdentityId or type string has been removed in favor of S3OriginConfig.originAccessIdentity of type IOriginAccessIdentity.
  • cli: cdk diff now exits with 0 even when there's a diff, use --fail to exit with 1. To enable this feature for old projects, add the context key "aws-cdk:diffNoFail": "true" in your cdk.json file.

Features

Bug Fixes

  • apigateway: unable to enable cors with a root proxy and LambdaRestApi (#5249) (f3d5fc9), closes #5232
  • cdk-dasm: prevent duplicate imports (#5293) (d4562b7)
  • cli: fix the behaviour for the --generate-only flag (#5253) (ecbe0b6)
  • cli: this.node.addError does not cause cdk diff to fail #4700 (#5284) (1b12dba)
  • cloudfront: associated lambda role requires edgelambda.amazonaws.com (#5191) (173d886), closes #5180
  • codebuild: add deprecation warning for UBUNTU_14_04 (#5234) (c1b575f)
  • codepipeline: CloudFormation deployment role always gets pipeline bucket and key permissions (#5190) (d5c0f3e), closes #5183
  • core: dependencies across stack boundaries of all kinds (#5211) (d1f0dd5), closes #4460 #4474
  • dockerfile: docker build is missing dotnet (#5091) (18fa3aa)
  • docs: update removed subscribeLambda method example (#5060) (d2a86a5)
  • dynamodb: add missing permission for read stream data (#5074) (22688ce)
  • dynamodb: stacks created by GlobalTable correctly inherit their account. (#5202) (5ad5407), closes #4882
  • ec2: can't add non-default routes to subnets (#5332) (e4309ab)
  • ec2: CIDR for "any" IPv6 too long (#5179) (3695d8c)
  • ec2: Fix CODEBUILD_FIPS interface endpoint (#5315) (465c848)
  • ecr: remove deprecated requirement on docs and comments (#5428) (40ec78e), closes #2857 #2857 #3273
  • init-templates: use pytest for Python sample-app init template (#5325) (6c25da7), closes #5313
  • route53: return plain hosted zone id without /hostedzone/ prefix (#5230) (5e08753)
  • sfn: Task parameters property does nothing (#5408) (01df7c6), closes #5267
  • test: fix .nycrc symlinking (#5245) (d2496e0)

1.18.0 (2019-11-25)

General Availability of AWS CDK for .NET and Java!! 🎉🎉🥂🥂🍾🍾

We are excited to announce the general availability of support for the .NET family of languages (C#, F#, ...) as well as Java!

We want to express our gratitude to all of our early customers as well as the amazing contributors for all the help and support in making this release possible. Thank you for all the feedback provided during the Developer Preview of .NET and Java support, without which the product would not be what it is today.

Special thanks go out to a handful of amazing people who have provided instrumental support in bringing .NET and Java support to this point:

Of course, we continue to be amazed and thrilled by the community contributions we received besides language support. The passion demonstrated by the CDK community is heartwarming and largely contributes to making maintaining the CDK an enjoyable, enriching experience!

Features

  • lambda: node12.x, python3.8 and java11 runtimes (#5107) (e62f9fb)
  • lambda: unlock the lambda environment variables restriction in China regions (#5122) (cc13009)

Bug Fixes

  • init/chsarp: correct README for sample-app C# template (#5144) (b2031f6)
  • init/sample-app: numerous fixes and additions to the sample-app init templates (#5119) (02c3b05), closes #5130 #5130
  • init/java: add -e to mvn command so errors aren't hidden (#5129) (5427106), closes #5128
  • init/csharp: .NET semantic fixes for init templates (#5154) (04a1b32)

Known Issues

The following known issues were identified that specifically affect .NET and Java support in the CDK, and which will be promptly addressed in upcoming CDK releases (in no particular order). See the GitHub issues for more information and workarounds where applicable.

  • .NET and Java: aws/jsii#1011 - abstract members are not marked as such on their .NET and Java representations
  • .NET: aws/jsii#1029 - user-defined classes implementing CDK interfaces must extend Amazon.Jsii.Runtime.Deputy.DeputyBase
  • .NET: aws/jsii#1042 - Parameters typed object accept only primitive types, instances of CDK types, Dictionary<string,?>
  • .NET: aws/jsii#1044 - Unable to pass interface instance through in a Dictionary<string,object>
  • Java: aws/jsii#1034 - Implementing or overriding overloaded methods in Java does not work consistently
  • Java: aws/jsii#1035 - Returning Lazy.anyValue from an method whose return type is java.lang.Object may result in Resolution Errors
  • Java: aws/jsii#1005 - property getter implementations (e.g: from an interface) may be ignored

1.17.1 (2019-11-19)

Bug Fixes

  • align all jsii deps to 0.20.7 (15770f4)

1.17.0 (2019-11-19)

Features

Bug Fixes

  • cli: cdk bootstrap is broken due to --no-execute (#5092) (7acc588)
  • cli: cdk version prints to STDERR instead of STDOUT like --version (#5095) (ae5170c), closes #4720
  • core: unable to find stack by name using the cli in legacy mode (#4998) (26bba19), closes #4895 #4997
  • custom-resources: flatten objects with null values in AwsCustomResource (#5073) (f4ea264), closes #5061
  • ecs-patterns: Fix issue related to protocol being passed to target group (#4988) (a257d4d)
  • init-templates: update init templates for csharp and java (#5059) (2d92ab3)
  • logs: cannot use same Lambda for multiple SubscriptionFilters (#4975) (94f5017), closes #4951

1.16.3 (2019-11-13)

Bug Fixes

  • ecs-patterns: Fix issue related to protocol being passed to target group (#4988) (6bb29b5)
  • core: unable to find stack by name using the cli in legacy mode (#4998) (26bba19)

1.16.2 (2019-11-12)

Bug Fixes

  • python: correct handling of inline-dict for nested props (7666264)

1.16.1 (2019-11-11)

Bug Fixes

  • jsii: correct handling of mappings into object parameters (0d23eb3)

1.16.0 (2019-11-11)

⚠ BREAKING CHANGES

  • core: template file names in cdk.out for new projects created by cdk init will use stack.artifactId instead of the physical stack name to enable multiple stacks to use the same name. In most cases the artifact ID is the same as the stack name. To enable this fix for old projects, add the context key @aws-cdk/core:enableStackNameDuplicates: true in your cdk.json file.

Features

  • apigateway: publish api endpoint through an export name #3662 (#4849) (652a8f5)
  • aws-ecr: add onImageScanCompleted() support (#4819) (5bdd9bb), closes #4818
  • aws-eks: support aws/aws-node-termination-handler as the default spot draining handler (#4931) (f4a41d1)
  • aws-events: Adds EventBus resources (#4609) (bbec8c5)
  • cfnspec: update CloudFormation spec to 7.3.0 (#4838) (ed904cb)
  • cli: add @types/node to typescript init templates (#4947) (efde8e9), closes #3839 #4462 #3840
  • cli: cdk version command (#4720) (3459982)
  • cli: docker image asset scanning by default (#4874) (87421c9)
  • cli: dotnet init templates come with Roslyn Analyzers (#4765) (fbd007e)
  • cloudwatch: allow overriding of metric graph rendering (#4571) (3643130)
  • core: add resource type and properties for all CfnResource constructs to tree.json (#4894) (4037155), closes #4562
  • core: cdk init --generate-only (#4826) (9cc1e52)
  • custom-resources: allow specifying role for AwsCustomResource (#4909) (98fb888), closes #4906
  • custom-resources: implement IGrantable for AwsCustomResource (#4790) (b840784), closes #4710
  • ec2: allow using existing security groups with interface VPC endpoints (#4908) (bda28e8), closes #4589 #2699 #3446
  • ec2: support NAT instances, AMI lookups (#4898) (dca9a24), closes #4876
  • ecs: add cloudMapNamespace as a property of cloudMapOptions (#4890) (06caf4f)
  • feature flags rfc (#4925) (db50ab0)
  • custom-resources: provider framework (#4572) (f9eec04)
  • ecs-patterns: add listener port as a property for network/application load balanced services (#4825) (20b8e5d), closes #4793
  • elbv2: add redirect action of ALB's listener (#4606) (c770d3c), closes #4546
  • events: support event bus for rule (#4839) (f5858ba)
  • s3: onCloudTrailWriteObject matches all update events (#4723) (46d9885), closes #4634
  • sns: support cross-region subscription on imported topics (#4917) (3dd194d), closes #3842
  • stepfunctions: add EvaluateExpression task (#4602) (6dba637)
  • vpc: allow Vpc.fromLookup() to discover asymmetric subnets (#4544) (2ccb745), closes #3407

Bug Fixes

  • apigateway: allow multiple api keys to the same usage plan (#4903) (142bd0e), closes #4860
  • assets: support exceptions to exclude patterns (#4473) (b7b4336)
  • cloudfront: aliasConfiguration fallback identifier conflict (#4760) (4d16f79)
  • cloudfront: revert certificate region verification (#4734) (de0eb47)
  • core: cannot use the same stack name for multiple stacks (under feature flag) (#4895) (658f100), closes #4412
  • dockerfile: add yarn (#4844) (2f8d06a)
  • dynamodb: Fix AutoScaling role ARN (#4854) (fc054e9)
  • dynamodb-global: cannot deploy global tables due to unresolved resource dependencies (45f0e02), closes #4676
  • ecs-patterns: handle desired task count being set to 0 (#4722) (c31ca27)
  • eks: pass --use-max-pods to bootstrap options when false (#4753) (22fe0ce)
  • elbv2: update region/account map of elbv2 (#4738) (5d98e7f)
  • init: 'cdk init' doesn't leave .d.ts files (#4841) (10b5b3c)
  • init: remove automatic JSII Roslyn analyzer dependency (#4835) (5029f0e)
  • init/csharp: correct cdk.json 'app' command (#4778) (d89504f)
  • ssm: malformed ARNs for parameters with physical names that use path notation (#4842) (43f276a)

In addition to the above, several bugs in the Python, .NET and Java release of the CDK have been addressed.

1.15.0 (2019-10-28)

⚠ BREAKING CHANGES

  • rds: securityGroup: ec2.ISecurityGroup is now securityGroups: ec2.ISecurityGroup[] in DatabaseInstanceAttributes
  • rds: removed securityGroupId from IDatabaseInstance

Bug Fixes

  • acm: update CertificateRequestorFunction runtime (#4612) (a711425), closes #4610
  • assets: docker asset versions are pushed to separate repositories (#4537) (8484114), closes #4535
  • aws-lambda: update deprecation warning for node.js 8.10 (#4624) (ace8041)
  • cli: add Cloud Assembly backwards compat tests (#4625) (5d2e5e3), closes #4475 #4544
  • cloudformation: cannot reference resource attributes with "." in nested stacks (#4684) (561bb73)
  • codebuild: revert validation that only a project with source CODEPIPELINE can be added to a pipeline (#4689) (8e72720), closes #4646
  • codepipeline: the CodeBuild action now works with imported projects (#4637) (6c4085e), closes #4613
  • core: fix docs for CfnInclude (#4703) (ba38b76), closes #3424
  • core: removalpolicy correct default (#4499) (09d89c3), closes #4416
  • custom-resources: increase and expose timeout for AwsCustomResource (#4623) (f17f809), closes #3272
  • eks: cannot update cluster configuration (#4696) (e17ba55), closes #4311 #4310
  • elbv2: fix disabling proxy protocol v2 attribute for NetworkTargetGroup (#4596) (8b598c4), closes #4574
  • iam: fix managedPolicyName, cross-account references (#4630) (9b7d2d0), closes #4581 #4567
  • ssm: invalid parameter arn (#4685) (e26a36c), closes #4672

Features

  • apigateway: add convenience url property at resource level (#4686) (012eeed)
  • autoscaling: let AutoScalingGroup be IGrantable (#4654) (406dc8e)
  • cloudfront: complete viewerCertificate support (#4579) (80b4ac9)
  • codedeploy: Model ECS deployment resources and pipeline action (#4600) (ed639ca)
  • codepipeline: add ability to override env variables in CodeBuild actions (#4502) (c0c0513), closes #4531
  • ec2: Support explicit Subnet selection (#4622) (203a605)
  • ecs: add support for start and stop timeout in ContainerDefinition (#4638) (b00c0af)
  • ecs-patterns: add family name to load balanced service properties (#4688) (d7654e7)
  • ecs-patterns: add service name to queue processing service properties (#4505) (3202720), closes #4504 #4504
  • rds: allow using existing security groups for new instance (#4495) (ef1ce5e), closes #2949
  • vpc: additional validation around Subnet Types (#4668) (9a96c37), closes #3704

1.14.0 (2019-10-22)

NOTICE: since Node.js 8.x is going out of maintenance early next year, starting in the next release, we will only test the AWS CDK against Node.js 10.x. If you are using an older version of Node.js, we recommend to upgrade.

Bug Fixes

Features

  • apigateway: cors preflight support (#4211) (0f06223)
  • ec2: mutable? param for imported SecurityGroups (#4493) (9764996)
  • ecs-patterns: add family name to queue processing service properties (#4508) (b0874bb), closes #4507

1.13.1 (2019-10-15)

Bug Fixes

1.13.0 (2019-10-15)

Bug Fixes

  • codepipeline: allow adding an S3 source action with the same bucket multiple times (#4481) (87458c1), closes #4237
  • use fixed dependency versions between CDK packages (#4470) (1d1b8bc)
  • cli: remove warning about assets not included in diff (#4454) (123c594), closes #395
  • cli: Use RegionalDomainName attribute in output of Toolkit stack for GovCloud and CN compatibility (#4427) (adbc2e3), closes #1469
  • codepipeline: do not retain the default bucket key and alias (#4400) (9740ed3), closes #4336
  • elbv2: add new FS security policies (#4425) (a4e63bd)
  • elbv2: validate healthcheck intervals (#4280) (3627e23), closes #4279
  • s3-deployment: lambda "src" not included in published module (#4430) (d16080a), closes #4404

Features

  • aws-s3-deployment: support specifying objects metadata (#4288) (63cb2da)
  • cli: add tags to CDKToolkit stack through bootstrap cli command (#4320) (4284aa2), closes #4227
  • cli: notify option in deploy command to specify SNS Notification ARNs (#4420) (7d6b474), closes #2528
  • codepipeline: support cross-environment deployments for all actions (#4276) (1eebf92), closes #3389
  • core: Add ability to set stack description (#4457) (#4477) (443394c)
  • ecs: add automated spot instance draining support (#4360) (9c208d0)
  • elbv2: support UDP and TCP_UDP protocols (#4390) (1958f26)
  • s3-deployment: optional role override for bucket-deployment (#4284) (e1b48bc)

1.12.0 (2019-10-07)

Bug Fixes

  • apigateway: defaultChild on RestApi returns the underlying L1 (#4318) (53db8bc), closes #3234
  • cloudmap: fix CloudMap Service import, expose ECS CloudMap Service (#4313) (c968c96), closes #4286
  • codebuild: validate if a CodePipeline action that is cross-account does not have outputs (#4171) (1744f8a), closes #4032
  • custom-resources: support region for AwsCustomResource (#4298) (934d36f), closes #4292
  • ecr-assets: exclude option (#4354) (f96b2fb), closes #4353 #4353
  • ecs: nat network mode for windows tasks (#4317) (9ceb995), closes #4272
  • lambda-event-sources: add missing export of streams.ts (#4362) (032b70c), closes #4352

Features

BREAKING CHANGES

  • cloudmap: cloudmap.Service.fromServiceAttributes takes a newly required argument namespace.

1.11.0 (2019-10-02)

Bug Fixes

Features

  • codepipeline: validate that source actions are in the same region as the pipeline (#4303) (c35091f)
  • update CloudFormation resource specification to v6.2.0 (#4309) (92b05a6)
  • cli: Add Jest tests to JavaScript init templates (#4282) (22a5ada), closes #4027
  • ecs-patterns: Allow overriding loadBalancer and taskDefinition (#4213) (f2a6d46)
  • lambda: event-source maxBatchingWindow property (#4260) (4040032)

1.10.1 (2019-10-01)

Bug Fixes

1.10.0 (2019-09-27)

Bug Fixes

Features

  • appmesh: eagerly validate healthCheck settings (#4221) (84a1b45)
  • core: context lookup errors are reported to CX app (#3772) (b0267e4), closes #3654
  • ec2: add custom userdata factory (#4193) (3a9f4c8)
  • ec2: add sourceDestCheck to instance (#4186) (6e75168)
  • ec2: let Instance be IGrantable (#4190) (87f096e)
  • ecr-assets: Support .dockerignore (faster Docker builds) (#4104) (8389eeb)
  • ecs: add protocol option and default certificate for HTTPS services (#4120) (e02c6cc)
  • ecs: add URL output for LB services (#4238) (38d78ed)
  • ecs-patterns: support propagateTags and ecsManagedTags (#4100) (caa0077), closes #3979
  • eks: retrieve ami with ssm (#4156) (622a4e1)
  • eks: upgrade latest kubertenes version to 1.14 (#4157) (c7def91)
  • elasticloadbalancingv2: add Instance target (#4187) (f11bece)
  • s3-deployment: allow specifying memory limit (#4204) (84e1d4b), closes #4058
  • ses-actions: move SES rule actions to separate package (#4163) (a9fef66), closes #3726
  • publish construct tree into the cloud assembly (#4194) (3cca03d)

BREAKING CHANGES

  • ses-actions: adding an action to a receipt rule now requires an integration object from the @aws-cdk/aws-ses-actions package.

1.9.0 (2019-09-19)

Bug Fixes

  • apigateway: cross-stack lambda integration causes a cyclic reference (#4010) (17fc967), closes #3705 #3000
  • apigateway: json schema additionalProperties should be boolean (#3997) (73a1de1)
  • cloudfront: actually default 'compress' to true (#3359) (364fd56)
  • core: stack.urlSuffix is no longer scoped (#4011) (82e08bc), closes #3970
  • ec2: fix subnet selection on looked-up VPCs (#4090) (4a113e6), closes #3650
  • ec2: improve errors around subnet selection (#4089) (2392108), closes #3859
  • elbv2: allow multiple certificates on ALB listener (#4116) (d1f8e5c), closes #3757
  • elbv2: fix cross-stack use of ALB (#4111) (7dfd6be)
  • elbv2: unhealthyHostCount metric case fix (#4133) (899656c)
  • events: remove custom resource for fargate event target (#3952) (920f12f), closes #3930
  • events: remove policy statement from CF template when using AwsApi (#4037) (2e67c2d)
  • route53: remove http:// from bucket target (#4070) (621441d)

Features

BREAKING CHANGES

  • s3-deployment: Property source is now sources and is a Source array

1.8.0 (2019-09-10)

Bug Fixes

  • app-delivery: action template filename incorrect (#3986) (f6ef79d), closes #3595
  • certificatemanager: increase minimum validation total timeout (#3914) (4973a8c)
  • custom-resources: correctly handle booleans conversion (#4000) (77105ab), closes #3933
  • dynamodb: prevent "StreamARN not found for resource" errors (#3935) (617ef82)
  • ecs: separate application and network load balanced services (#3719) (21eb835)
  • events: fromObject handles regular and field tokens together (#3916) (b01f62d), closes #3915
  • iam: only attach policies to imported roles if the accounts match (#3716) (87db7aa), closes #2985 #3025

Code Refactoring

Features

BREAKING CHANGES

  • assets: assets no longer expose a property contentHash. Use sourceHash as a good approximation. if you have a strong use case for content hashes, please raise a github issue and we will figure out a solution.
  • dynamodb: fix
  • ecs: The LoadBalancedServiceBase, LoadBalancedEc2Service and LoadBalancedFargateService constructs have been separated out into Application and Network LoadBalancedService constructs for both Ec2 and Fargate Services.

1.7.0 (2019-09-05)

Bug Fixes

  • codepipeline: insufficient deploy cross-account CFN role S3 permissions (#3855) (09304f7), closes #3765
  • ecs: default ecsmanagedtags and propagatetags to be undefined (#3887) (1f589a3)
  • init-templates: add typesRoot compiler option for TypeScript templates (#3865) (2c9bafa), closes #3830
  • init-templates: fix to include environments and CDK files to .gitignore for Python templates (#3863) (e4f9677), closes #2842
  • lambda: environment var values are strings (#3858) (f892312), closes #3337
  • s3-deployment: CallerReference has to be unique (#3880) (16eb658)

Features

  • ecs,lambda,rds: specify allowAllOutbound when importing security groups (#3833) (5ef34a1)
  • events: validate MessageGroupId is specified only for FIFO queues (#3811) (cc88f1a)
  • upgrade to CloudFormation specification 6.0.0 (#3942) (27de0a0)

BREAKING CHANGES

  • ecs,lambda,rds: securityGroupId: string replaced by securityGroup: ISecurityGroup when importing a cluster/instance in @aws-cdk/aws-rds

1.6.1 (2019-08-29)

Bug Fixes

1.6.0 (2019-08-27)

Bug Fixes

  • aws-stepfunctions: refactor sagemaker tasks and fix default role issue (#3014) (d8fcb50)
  • cli: update bit.ly link to use GitHub link directly (#3782) (042fb53)
  • ec2: also add egress rules for allowInternally() (#3741) (051aacb), closes #3254
  • ec2: fix error when using Tokens in Vpc.fromLookup() (#3740) (004077f), closes #3600
  • ec2: throw useful error when using lazy CIDR in VPC (#3739) (c92e9a9), closes #3617
  • ecs: IAM role ARN must not specific region. (#3755) (210ed8f), closes #3733
  • events: fix ECS target in Isolated subnet (#3786) (8bbc7e6)
  • iam: make User implement IUser (#3738) (05e13f3), closes #3490
  • lambda: generate correct metrics for aliases (#3728) (ce08853), closes #3724
  • lambda/rds: allow to specify a role for log retention lambda (#3730) (013cab6), closes #3685
  • scaling: don't fail when using Tokens (#3758) (0a2ed3d)

Features

BREAKING CHANGES

  • ec2: By default, egress rules are not created anymore on imported security groups. This can be configured by setting allowAllOutbound: false upon importing.

1.5.0 (2019-08-20)

Bug Fixes

  • aws-cdk: update Java template to new builder style (#3723) (ab07af1)
  • ecr: set correct resource policy for ecr repository (#3590) (30f3968)
  • events-targets: allow adding same fargate task to multiple rules (#3576) (5b109f9), closes #3574
  • iam: support NotActions/NotResources (#964) (#3677) (a8ee987)
  • kms: append aliasName only after first (#3659) (77671ad)
  • region-info: IAM service principal for China regions (#3491) (013c181)
  • s3-deployment: custom resource fails to run aws-cli (#3668) (6eabe6d), closes #3656

Features

  • bootstrap: force toolkit bucket private (#3695) (d1ee4ba)
  • cloudformation: Update CloudFormation spec to 5.2.0 (#3710) (ab86df7)
  • cloudformation: update cloudformation spec to v5.1.0 (#3670) (15f01d0)
  • eks: output update-kubeconfig command (04d88fb), closes #3664
  • eks: output update-kubeconfig command (#3669) (9e46532), closes #3664
  • events-targets: allow specifying event for codebuild project target (#3637) (c240e1e)

BREAKING CHANGES

  • aws-cdk: Java builders no longer use the "with" prefix.
  • eks: cluster name output will not be synthesized by default. instead we synthesize an output that includes the full aws eks update-kubeconfig command. You can enable synthesis of the cluster name output using the outputClusterName: true options.

1.4.0 (2019-08-14)

Bug Fixes

  • acm: validated certificate survives eventual consistency in service (#3528) (e7eabca), closes #3527
  • ec2: allow adding gateway endpoints to imported VPC (#3509) (b5db88d), closes #3171 #3472
  • typo in restapi.ts (#3530) (8381683)
  • apigateway: allow reusing lambda integration for multiple apis (#3532) (6e6440a)
  • apigateway: invalid schema generated due to un-mapped ref (#3258) (254f62c)
  • asg/ec2: fix value of defaultChild (#3572) (c95eab6), closes #3478
  • aws-ecs: ensure cluster attributes are accessible from constructor’s props (#3020) (24ebec8)
  • cdk-dasm: update README and fix small typo (#3565) (92b5c2d)
  • ci: add "do-not-merge" label auto-merge block (#3553) (0c806a6)
  • cli: support aws:// prefix for bootstrap command (#3599) (8ac7389)
  • core: correct return type of Fn.getAtt (#3559) (02ef2dc)
  • core: fix detection of references in Fn.join (#3569) (0a2540b), closes #3554
  • core: fix use of references in toJsonString() (#3568) (0fc2c3b)
  • ecs: update driverOpts type definition from array to map (#3358) (65e4a5d)
  • events: simplify the cache key for cross-account targets (#3526) (db7dc2e)
  • java: surpress maven output in cdk.json (#3624) (02e097b), closes #3571
  • kms: allow multiple addAlias calls on single key (#3596) (54f8ea9)
  • lambda: allow ArnPrincipal in grantInvoke (#3501) (e222e87), closes #3264
  • sqs: do not emit grants to the AWS-managed encryption key (#3169) (07f017b), closes #2794
  • ssm: add GetParameters action to grantRead() (#3546) (ebaa1b5)

Code Refactoring

  • stepfunctions-tasks: make integrationPattern an enum (#3115) (fa48e89), closes #3114

Features

BREAKING CHANGES

  • eks: clusters will be created with a default capacity of x2 m5.large instances. You can specify defaultCapacity: 0 if you wish to disable.
  • stepfunctions-tasks: To define a callback task, users should specify "serviceIntegrationPattern: sfn.ServiceIntegrationPattern.WAIT_FOR_TASK_TOKEN" instead of "waitForTaskToken: true". For a sync task, users should use "serviceIntegrationPattern: sfn.ServiceIntegrationPattern.SYNC" in the place of "synchronous: true".

1.3.0 (2019-08-02)

Bug Fixes

  • aws-ecs-patterns: update ecs-patterns to be consistent across constructs (#3404) (f7fbbe0)
  • aws-kms: Incomplete KMS Resource Policy Permissions (#3459) (1280071), closes #3458 #3458
  • cli: conversion of "tags" filter for EC2 DescribeVpcs call (#3393) (cf2e3f6), closes #3372
  • cli: correctly handle tags when deploying multiple stacks (#3455) (4cb9755), closes #3471
  • core: stop relying on === to find PhysicalName.GENERATE_IF_NEEDED (#3506) (c7e9dfb)
  • iam: correctly limit the default PolicyName to 128 characters (#3487) (8259756), closes #3402
  • toolkit: avoid EMFILE and preserve mode when zipping (#3428) (750708b), closes #3145 #3344 #3413

Features

1.2.0 (2019-07-25)

Bug Fixes

Features

1.1.0 (2019-07-18)

Bug Fixes

  • codepipeline: invoked Lambda doesn't have permissions to the pipeline bucket (#3303) (50c7319), closes #3274
  • logs: fix infinite retention for jsii users (#3250) (0b1ea76)

Features

1.0.0 (2019-07-09)

General Availability of the AWS Cloud Development Kit!! 🎉🎉🥂🥂🍾🍾

We are excited to announce the 1.0.0 release of the AWS CDK – including GA support for TypeScript, JavaScript, and Python!

We want to thank all of our early customers, and the hundreds of contributors, for all the help and support in making this release a reality. Thank you for the patience to deal with the many, many breaking changes that happened along the way. This product would not be what it is today if it weren't for all the feedback, diligent issue reporting (bugs, missing features, unclear documentation, etc.), and code contributions from the community.

Special thanks go out to a few of our most prolific contributors who went above and beyond to help improve the CDK:

1.0.0 is a huge milestone for us, but it's still only the beginning! We are excited to continue evolving the CDK, to introduce support for new languages and capabilities, and to continue working closely with the open-source community.

Bug Fixes

  • cli: output message when successfully synthesizing multiple stacks (#3259) (0c30f12)
  • python: Make sure stack name in the init template does not contain illegal characters (#3261) (7d22b2c)

0.39.0 (2019-07-08)

Bug Fixes

  • codepipeline: mark crossRegionReplicationBuckets and crossRegionSupport as experimental. (#3226) (f8256e7)
  • assets: packages assets, aws-ecr-assets and aws-s3-assets are now experimental instead of stable

BREAKING CHANGES

  • codepipeline: Pipeline.crossRegionReplicationBuckets is now experimental
  • codepipeline: Pipeline.crossRegionSupport is now experimental
  • codepipeline: CrossRegionSupport is now experimental
  • assets: package assetsis now experimental instead of stable
  • aws-ecr-assets: package aws-ecr-assetsis now experimental instead of stable
  • aws-s3-assets: package aws-s3-assetsis now experimental instead of stable

0.38.0 (2019-07-08)

Bug Fixes

Features

  • use classes for structs in Python (#3232) (161a459)
  • codebuild: allow specifying principals and credentials for pulling build images. (#3049) (3319fe5), closes #2175

BREAKING CHANGES

  • codebuild: LinuxBuildImage.fromDockerHub() has been renamed to fromDockerRegistry() and WindowsBuildImage.fromDockerHub() has been renamed to fromDockerRegistry()
  • iam: aws-iam.User and Group: managedPolicyArns => managedPolicies.
  • in all identifiers, renamed IPv4 => Ipv4, IPv6 => Ipv6, AZs => Azs.

0.37.0 (2019-07-04)

Bug Fixes

BREAKING CHANGES

  • core: construct.findChild() now only looks up direct children
  • ec2: Port.toRuleJSON was renamed to toRuleJson
  • codebuild: PipelineProject.addSecondaryArtifact now returns void (formerly any)
  • codebuild: Project.addSecondaryArtifact now returns void (formerly any)

0.36.2 (2019-07-03)

Bug Fixes

  • cli: generate metadata resource for region-independent stacks (#3149) (0fb7ea3), closes #3142
  • cli: stop processing on metadata errors (#3168) (0936bde)
  • codepipeline: correctly pass the replication buckets to Action.bind() (#3131) (99ae5e7)
  • codepipeline: grant missing permisisons to the CloudFormationExecuteChangeSetAction. (#3178) (958acc2), closes #3160
  • codepipeline: grant the CodeCommit source Action read-write permissions to the Pipeline's Bucket. (#3175) (bd46e49), closes #3170
  • core: prevent volatile physical name generation (#2984) (af2680c)
  • ecs: remove temporary workaround for long arn support (#3072) (9fdb63f), closes #2176

Features

  • codedeploy: allow setting a Deployment Configuration for an imported Lambda Deployment Group. (#3158) (05a49f0)
  • iam: can configure 'deny' for policy statements (#3165) (6679e86)

0.36.1 (2019-07-01)

Bug Fixes

  • aws-codepipeline-actions: use SecretValue (#3097) (b84caab)
  • cli: fix broken sample-app templates for TypeScript and JavaScript (#3101) (800ecf2)
  • cli: fix broken test in Java init template (#3108) (f696efc), closes #3065
  • cli: fix Python sample-app template (#3071) (796d6bb), closes #3058 #3069
  • cli: improve description of --json to reflect behavior (#3086) (68cfa54), closes #2965
  • cli: Python blank app should call app.synth(), not app.run() (16345dc), closes #3123
  • cli: update TypeScript lib init template (#3134) (629e963)
  • code: make CfnResource#_toCloudFormation null-safe (#3121) (71cb421), closes #3093
  • codepipeline-actions: set service as backing resource for EcsDeployAction (#3085) (f2293e0)
  • core: improve context providers error message for env-agnostic stacks (#3137) (5b80146), closes #2922 #3078 #3120 #3130
  • documentation: auto-labeling fixed (#3089) (7fb82ad)
  • documentation: removed duplicate generated template (#3090) (590b05c)
  • elasticloadbalancingv2: fix to be able to set deregistrationDelay (#3075) (22ab4b4)
  • events: correct token resolution in RuleTargetInput (#3127) (a20c841), closes #3119
  • sns: create subscriptions in consumer scope (#3065) (64a203f), closes #3064

Features

0.36.0 (2019-06-24)

Bug Fixes

Code Refactoring

Features

BREAKING CHANGES

  • IMPORTANT: previous versions of the CDK CLI will not be fully compatible with this version of the framework and vice versa.
  • core: the @aws-cdk/cdk module was renamed to @aws-cdk/core, python: aws_cdk.core, java: the artifact cdk in groupId software.amazon.awscdk was renamed to core
  • all enum and public static readonly members have been renamed to use "ALL_CAPS" capitalization
  • properties throughout the AWS Construct Libraries that represent lengths of time have been re-typed to be @aws-cdk/cdk.Duration instead of number, and were renamed to exclude any unit indication.
  • core: The deprecated app.run() has been removed (use app.synth()).
  • core: The CfnResource.options property was renamed to CfnResource.cfnOptions to avoid conflicts with properties introduced by derived classes.
  • core CfnXxx.cfnResourceTypeName is now CFN_RESOURCE_TYPE_NAME in generated CFN resources.
  • core: ContextProvider is no longer designed to be extended. Use ContextProvider.getValue and ContextProvider.getKey as utilities.
  • core: Context.getSsmParameter has been removed. Use ssm.StringParameter.valueFromLookup
  • core: Context.getAvailabilityZones has been removed. Use stack.availabilityZones
  • core: Context.getDefaultAccount and getDefaultRegion have been removed an no longer available. Use the environment variables CDK_DEFAULT_ACCOUNT and CDK_DEFAULT_REGION instead.
  • core: StackProps.autoRun was renamed to StackProps.autoSynth.
  • core: CfnElement.refAsString renamed to ref of string type. The IResolvable version have been removed.
  • core: IStringValue renamed to IStringProducer
  • core: Include renamed to CfnInclude
  • core: Cfn prefix was added to the following types: CfnCreationPolicy, CfnResourceAutoScalingCreationPolicy, CfnResourceAutoScalingCreationPolicy, CfnDeletionPolicy, CfnUpdatePolicy, CfnAutoScalingRollingUpdate, CfnAutoScalingReplacingUpdate, CfnAutoScalingScheduledAction, CfnCodeDeployLambdaAliasUpdate, CfnTag CfnRuleAssertion, CfnDynamicReferenceProps
  • core: deepMerge is no longer exported.
  • core: CfnOutputProps.export was renamed to exportName.
  • core: CfnOutput all properties are now private
  • core: StringListCfnOutput has been removed
  • core: all instance methods of Fn were made static, and the Fn constructor was made private.
  • ec2: VpcNetworkProvider has been removed. Use Vpc.fromLookup.
  • ec2: ec2.MachineImage will now resolve AMIs from SSM during deployment.
  • ecs: ecs.EcsOptimizedAmi will now resolve AMis from SSM during deployment.
  • ecs: previously, the default generation is conditionally set to Amazon Linux v1 if hardwareType was STANDARD. Now it always defaults to Amazon Linux v2.
  • ecs: service.clusterName has been replaced with .cluster.
  • sam requiredTransform is now REQUIRED_TRANSFORM in generated code.
  • cloudformation: the AwsCustomResource class was moved to a new module called @aws-cdk/custom-resource
  • codepipeline: the capabilities property is now an array to support multiple capabilities.
  • codepipeline: the Pipeline construction property crossRegionReplicationBuckets now takes values of type IBucket instead of string.
  • corepipeline: the property Pipeline.crossRegionScaffoldStacks has been renamed to crossRegionSupport, and its type changed from CrossRegionScaffoldStack to CrossRegionSupport.
  • codepipeline-actions: rename CodeCommitAction.pollForSourceChanges to trigger and make it an enum.
  • codepipeline-actions: rename S3SourceAction.pollForSourceChanges to trigger, and make it an enum.
  • codepipeline-actions: rename StageAddToPipelineProps interface to StageOptions.
  • codepipeline-actions: remove the classes CloudFormationAction and CloudFormationDeployAction.
  • route52: HostedZoneProvider has been removed. Use HostedZone.fromLookup.

0.35.0 (2019-06-19)

Bug Fixes

Code Refactoring

Features

  • cli: Expose props in CFN resources and remove propertyOverrides (#2372) (#2372) (aa61dfb), closes #2100
  • cli: deploy/destory require explicit stack selection if app contains more than a single stack (#2772) (118a716), closes #2731
  • cli: Remove stack rename support (#2819) (0f30e39), closes #2670
  • cloudformation: add option to restrict data returned AwsCustomResource (#2859) (a691900), closes #2825
  • cloudformation: Add removalPolicy on CustomResource (#2770) (859248a)
  • cloudfront: add Lambda associations (#2760) (b088c8c)
  • codepipeline: final form of the CodeBuild Pipeline action. (#2716) (c10fc9a)
  • core: show token creation stack trace upon resolve error (#2886) (f4c8dcd)
  • ecs: add metrics for Fargate services (#2798) (acf015d)
  • ecs-patterns: LoadBalancedFargateService - allow specifying containerName and role (#2764) (df12197)
  • elasticloadbalancing: add crossZone load balancing (#2787) (192bab7), closes #2786
  • lambda: Expose $LATEST function version (#2792) (55d1bc8), closes #2776
  • s3: add CORS Property to S3 Bucket (#2101) (#2843) (1a386d8)
  • s3: add missing storage classes and API cleanups (#2834) (5cd9609), closes #2708
  • stepfunctions: add grantStartExecution() (#2793) (da32176)
  • stepfunctions: add support for AmazonSageMaker APIs (#2808) (8b1f3ed), closes #1314
  • stepfunctions: waitForTaskToken for Lambda, SQS, SNS (#2686) (d017a14), closes #2658 #2735
  • formalize the concept of physical names, and use them for cross-environment CodePipelines. (#1924) (6daaca8)

BREAKING CHANGES

  • assets: AssetProps.packaging has been removed and is now automatically discovered based on the file type.
  • assets: ZipDirectoryAsset has been removed, use aws-s3-assets.Asset.
  • assets: FileAsset has been removed, use aws-s3-assets.Asset.
  • lambda: Code.directory and Code.file have been removed. Use Code.asset.
  • assets-docker: The module has been renamed to aws-ecr-assets
  • ecs: the property that specifies the type of EC2 AMI optimized for ECS was renamed to hardwareType from hwType.
  • codebuild: the method addToRoleInlinePolicy in CodeBuild's Project class has been removed.
  • dynamodb: TableOptions.pitrEnabled renamed to pointInTimeRecovery.
  • dynamodb: TableOptions.sseEnabled renamed to serverSideEncryption.
  • dynamodb: TableOptions.ttlAttributeName renamed to timeToLiveAttribute.
  • dynamodb: TableOptions.streamSpecification renamed stream.
  • ecs: ContainerImage.fromAsset() now takes only build directory directly (no need to pass scope or id anymore).
  • secretsmanager: ISecret.secretJsonValue renamed to secretValueFromJson.
  • ssm: ParameterStoreString has been removed. Use StringParameter.fromStringParameterAttributes.
  • ssm: ParameterStoreSecureString has been removed. Use StringParameter.fromSecureStringParameterAttributes.
  • ssm: ParameterOptions.name was renamed to parameterName.
  • logs: newStream renamed to addStream and doesn't need a scope
  • logs: newSubscriptionFilter renamed to addSubscriptionFilter and doesn't need a scope
  • logs: newMetricFilter renamed to addMetricFilter and doesn't need a scope
  • logs: NewSubscriptionFilterProps renamed to SubscriptionProps
  • logs: NewLogStreamProps renamed to LogStreamOptions
  • logs: NewMetricFilterProps renamed to MetricFilterOptions
  • logs: JSONPattern renamed to JsonPattern
  • apigateway: MethodOptions.authorizerId is now called authorizer and accepts an IAuthorizer which is a placeholder interface for the authorizer resource.
  • apigateway: restapi.executeApiArn renamed to arnForExecuteApi.
  • apigateway: restapi.latestDeployment and deploymentStage are now read-only.
  • events: EventPattern.detail is now a map.
  • events: scheduleExpression: string is now schedule: Schedule.
  • multiple modules have been changed to use cdk.RemovalPolicy to configure the resource's removal policy.
  • core: applyRemovalPolicy is now CfnResource.applyRemovalPolicy.
  • core: RemovalPolicy.Orphan has been renamed to Retain.
  • core: RemovalPolicy.Forbid has been removed, use Retain.
  • ecr: RepositoryProps.retain is now removalPolicy, and defaults to Retain instead of remove since ECR is a stateful resource
  • kms: KeyProps.retain is now removalPolicy
  • logs: LogGroupProps.retainLogGroup is now removalPolicy
  • logs: LogStreamProps.retainLogStream is now removalPolicy
  • rds: DatabaseClusterProps.deleteReplacePolicy is now removalPolicy
  • rds: DatabaseInstanceNewProps.deleteReplacePolicy is now removalPolicy
  • codebuild: rename BuildSource to Source, S3BucketSource to S3Source, BuildArtifacts to Artifacts, S3BucketBuildArtifacts to S3Artifacts
  • codebuild: the classes CodePipelineBuildSource, CodePipelineBuildArtifacts, NoBuildSource, and NoBuildArtifacts have been removed
  • codebuild: rename buildScriptAsset and buildScriptAssetEntrypoint to buildScript and buildScriptEntrypoint, respectively
  • cli: All L1 ("Cfn") Resources attributes are now prefixed with attr instead of the resource type. For example, in S3 bucket.bucketArn is now bucket.attrArn.
  • propertyOverrides has been removed from all "Cfn" resources, instead users can now read/write resource properties directly on the resource class. For example, instead of lambda.propertyOverrides.runtime just use lambda.runtime.
  • codepipeline: the property designating the name of the stage when creating a CodePipeline is now called stageName instead of name
  • codepipeline: the output and extraOutputs properties of the CodeBuildAction were merged into one property, outputs.
  • lambda:
    • Renamed Function.addLayer to addLayers and made it variadic
    • Removed IFunction.handler property
    • Removed IVersion.versionArn property (the value is at functionArn)
    • Removed SingletonLayerVersion
    • Stopped exporting LogRetention
  • cli: if an app includes more than one stack "cdk deploy" and "cdk destroy" now require that an explicit selector will be passed. Use "cdk deploy '*'" if you want to select all stacks.
  • iam: PolicyStatement no longer has a fluid API, and accepts a props object to be able to set the important fields.
  • iam: rename ImportedResourcePrincipal to UnknownPrincipal.
  • iam: managedPolicyArns renamed to managedPolicies, takes return value from ManagedPolicy.fromAwsManagedPolicyName().
  • iam: PolicyDocument.postProcess() is now removed.
  • iam: PolicyDocument.addStatement() renamed to addStatements.
  • iam: PolicyStatement is no longer IResolvable, call .toStatementJson() to retrieve the IAM policy statement JSON.
  • iam: AwsPrincipal has been removed, use ArnPrincipal instead.
  • s3: s3.StorageClass is now an enum-like class instead of a regular enum. This means that you need to call .value in order to obtain it's value.
  • s3: s3.Coordinates renamed to s3.Location
  • codepipeline: Artifact.s3Coordinates renamed to Artifact.s3Location.
  • codebuild: buildSpec argument is now a BuildSpec object.
  • lambda: lambda.Runtime.NodeJS* are now lambda.Runtime.Nodejs*
  • core: multiple changes to the Stack API
  • core: stack.name renamed to stack.stackName
  • core: stack.stackName will return the concrete stack name. Use Aws.stackName to indicate { Ref: "AWS::StackName" }.
  • core: stack.account and stack.region will return the concrete account/region only if they are explicitly specified when the stack is defined (under the env prop). Otherwise, they will return a token that resolves to the AWS::AccountId and AWS::Region intrinsic references. Use Context.getDefaultAccount() and Context.getDefaultRegion() to obtain the defaults passed through the toolkit in case those are needed. Use Token.isUnresolved(v) to check if you have a concrete or intrinsic.
  • core: stack.logicalId has been removed. Use stack.getLogicalId()
  • core: stack.env has been removed, use stack.account, stack.region and stack.environment instead
  • core: stack.accountId renamed to stack.account (to allow treating account more abstractly)
  • core: AvailabilityZoneProvider can now be accessed through Context.getAvailabilityZones()
  • core: SSMParameterProvider can now be accessed through Context.getSsmParameter()
  • core: parseArn is now Arn.parse
  • core: arnFromComponents is now arn.format
  • core: node.lock and node.unlock are now private
  • core: stack.requireRegion and requireAccountId have been removed. Use Token.unresolved(stack.region) instead
  • core: stack.parentApp have been removed. Use App.isApp(stack.node.root) instead.
  • core: stack.missingContext is now private
  • core: stack.renameLogical have been renamed to stack.renameLogicalId
  • core: IAddressingScheme, HashedAddressingScheme and LogicalIDs are now internal. Override Stack.allocateLogicalId to customize how logical IDs are allocated to resources.
  • cli: The CLI no longer accepts --rename, and the stack names are now immutable on the stack artifact.
  • sns: using a queue, lambda, email, URL as SNS Subscriber now requires an integration object from the @aws-cdk/aws-sns-subscribers package.
  • ecs-patterns: Renamed QueueWorkerService for base, ec2 and fargate to QueueProcessingService, QueueProcessingEc2Service, and QueueProcessingFargateService.
  • iam: roleName in RoleProps is now of type PhysicalName
  • s3: bucketName in BucketProps is now of type PhysicalName
  • codebuild: roleName in RoleProps is now of type PhysicalName

0.34.0 (2019-06-07)

Bug Fixes

  • build: Correct buildspec so it does not fail (#2737) (e362ac8)
  • certificatemanager: correct certificateArn typo in the README (#2712) (2bfc1c2)
  • cli: don't fail if region cannot be determined (#2721) (0c72ef3), closes #2697
  • cli: remove support for applets (#2691) (0997ee2)
  • cloudwatch: move SNS Alarm Action to aws-cloudwatch-actions (#2688) (e3df21a)
  • codebuild: grant the Project's Role permissions to the KMS Key if it was passed. (#2715) (4e12fe6)
  • core: apply overrides after rendering properties (#2685) (f2636e5), closes #2677
  • core: Make filterUndefined null-safe (#2789) (e4fb811), closes awslabs/jsii#523
  • ecs: remove LoadBalancedFargateServiceApplet, no longer supported (#2779) (a610017)
  • ecs-patterns: expose service on queue worker services (#2780) (6d83cb9)
  • pkglint: Adjust stability banner style (#2768) (da94d8b)
  • route53: support zone roots as record names (#2705) (08a2852)
  • stepfunctions: improve Task payload encoding (#2706) (1c13faa)

Code Refactoring

Features

BREAKING CHANGES

  • route53: recordValue: string prop in route53.TxtRecord changed to values: string[]
  • recordValue prop in route53.CnameRecord renamed to domainName
  • route53.AliasRecord has been removed, use route53.ARecord or route53.AaaaRecord with the target prop.
  • kms: The EncryptionKeyAlias class was renamed to Alias. Associated types (such as EncryptionKeyAliasProps) were renamed in the same way.
  • cli: This release requires CDK CLI >= 0.34.0
  • core: App.run() was renamed to App.synth() (soft deprecation, it will be removed in the next release).
  • core: node.stack is now Stack.of(construct) (fixes #2766)
  • core: node.resolve has been moved to stack.resolve.
  • core: node.stringifyJson has been moved to stack.stringifyJson.
  • core: node.validateTree is now ConstructNode.validate(node)
  • core: node.prepareTree is now ConstructNode.prepare(node)
  • core: node.getContext is now node.tryGetContext
  • core: node.recordReference is now node.addReference
  • core: node.apply is now node.applyAspect
  • core: node.ancestors() is now node.scopes
  • core: node.required has been removed.
  • core: node.typename has been removed.
  • core: node.addChild is now private
  • core: node.findReferences() is now node.references
  • core: node.findDependencies() is now node.dependencies
  • core: stack.dependencies() is now stack.dependencies
  • core: CfnElement.stackPath has been removed.
  • core: CloudFormationLang is now internal (use stack.toJsonString())
  • cloudwatch: using an SNS topic as CloudWatch Alarm Actxion now requires an integration object from the @aws-cdk/aws-cloudwatch-actions package.
  • event-targets: targets.EcsEc2Task renamed to targets.EcsTask
  • SNS - Subscription endpoint is now type string (previously any)
  • Step Functions - result in the Pass state is now type map (previously any)
  • the following modules are no longer released: @aws-cdk/applet-js, @aws-cdk/aws-autoscaling-api, @aws-cdk/aws-codedeploy-api
  • cli: applets are no longer supported as an app type, use "decdk" instead.
  • core: Properties passed to addPropertyOverride should match in capitalization to the CloudFormation schema (normally pascal case). For example, addPropertyOverride('accessControl', 'xxx') should now be addPropertyOverride('AccessControl', 'xxx').
  • rds: rds.RotationSingleUser renamed to rds.SecretRotation
  • rds: rds.ClusterParameterGroup no longer has setParameter() and removeParameter() methods, use the parameters prop directly in the constructor instead.

0.33.0 (2019-05-30)

IMPORTANT: apps created with the CDK version 0.33.0 and above cannot be used with an older CLI version.

Bug Fixes

  • core: Fn.cidr should return a list and not a string (#2678) (9d2ea2a), closes #2671
  • cli: fix ts-node usage on Windows (#2660) (5fe0af5)
  • cli: make cdk docs open the new API reference (#2633) (6450758)
  • cli: correctly pass build args to docker build (#2634) (9c58d6f)
  • core: hide dependencyRoots from public API (#2668) (2ba5ad2), closes #2348
  • autoscaling: move lifecycle hook targets to their own module (#2628) (b282132), closes #2447
  • codepipeline: no longer allow providing an index when adding a Stage to a Pipeline. (#2624) (ce39b12)
  • codepipeline-actions: correctly serialize the userParameters passed to the Lambda invoke Action. (#2537) (ceaf54a)
  • cx-api: improve compatibility messages for cli <=> app (#2676) (38a9894)
  • ecs: move high level ECS constructs into aws-ecs-patterns (#2623) (f901313)
  • logs: move log destinations into 'aws-logs-destinations' (#2655) (01601c2), closes #2444
  • s3: move notification destinations into their own module (#2659) (185951c), closes #2445

Features

BREAKING CHANGES

  • logs: using a Lambda or Kinesis Stream as CloudWatch log subscription destination now requires an integration object from the @aws-cdk/aws-logs-destinations package.
  • codepipeline-actions: removed the addPutJobResultPolicy property when creating LambdaInvokeAction.
  • cli: --interactive has been removed
  • cli: --numbered has been removed
  • cli: --staging is now a boolean flag that indicates whether assets should be copied to the --output directory or directly referenced (--no-staging is useful for e.g. local debugging with SAM CLI)
  • assets: Assets (e.g. Lambda code assets) are now referenced relative to the output directory.
  • assert: SynthUtils.templateForStackName has been removed (use SynthUtils.synthesize(stack).template).
  • cx-api: cxapi.SynthesizedStack renamed to cxapi.CloudFormationStackArtifact with multiple API changes.
  • core: cdk.App.run() now returns a cxapi.CloudAssembly instead of cdk.ISynthesisSession.
  • s3: using a Topic, Queue or Lambda as bucket notification destination now requires an integration object from the @aws-cdk/aws-s3-notifications package.
  • autoscaling: using a Topic, Queue or Lambda as Lifecycle Hook Target now requires an integration object from the @aws-cdk/aws-autoscaling-hooktargets package.
  • codepipeline: the property atIndex has been removed from the StagePlacement interface.
  • aws-ecs: These changes move all L3 and higher constructs out of the aws-ecs module into the aws-ecs-patterns module. The following constructs have been moved into the aws-ecs-patterns module: EcsQueueWorkerService, FargateQueueWorkerService, LoadBalancedEcsService, LoadBalancedFargateService and LoadBalancedFargateServiceApplets.
  • cloudwatch: rename leftAxisRange => leftYAxis, rightAxisRange => rightYAxis, rename YAxisRange => YAxisProps.

0.32.0 (2019-05-24)

Bug Fixes

  • update all 'onXxx' methods to be CloudWatch Events (#2609) (28942d2), closes #2278
  • appscaling: fix StepScaling (#2522) (1f004f6)
  • aws-ecs: allow linux parameters to be settable (#2397) (417e5e8), closes #2380
  • aws-glue: fix glue tableArn and integer schema name (#2585) (99e173e)
  • cdk: CfnMapping.findInMap with tokens (#2531) (756e2b6), closes #1363
  • cloudfront: Use regional endpoint for S3 bucket origins (64c3c6b)
  • codebuild: correctly pass the VPC subnet IDs to the Policy Statement's condition when using a VPC. (#2506) (145da28), closes #2335
  • codecommit: add a Repository.fromRepositoryName() method. (#2515) (6fc3718), closes #2514
  • codedeploy: change the load balancer API in server Deployment Group. (#2548) (8e05d49), closes #2449
  • codepipeline: correctly validate Artifacts used by Actions in the same Stage. (#2558) (cfe46f6), closes #2549
  • core: Correctly search for loaded modules in node 12 (#2612) (286866a), closes nodejs/node#27583
  • ec2: allow disabling privateDnsEnabled on VPCs (#2596) (4d2fbe9), closes #2556
  • ec2: fix VPC endpoint name for SageMaker Notebooks (#2598) (aec8ec2)
  • iam: allow CompositePrincipal construction with spread (#2507) (eb13741)
  • lambda: compare Runtimes by value instead of identity (#2543) (584579e)
  • lambda: deprecate old Lambda runtimes (#2594) (20f4ec1)
  • route53-targets: move Alias Targets into their own package (#2617) (f40fe98), closes #2448
  • s3: Make IBucket.arnForObject accept only (exactly) one key pattern (5ac6e77)

Code Refactoring

Features

BREAKING CHANGES

  • route53-targets: using a CloudFront Distribution or an ELBv2 Load Balancer as an Alias Record Target now requires an integration object from the @aws-cdk/aws-route53-targets package.
  • s3: The IBucket.arnForObject method no longer concatenates path fragments on your behalf. Pass the /-concatenated key pattern instead.
  • All export methods from all AWS resources have been removed. CloudFormation Exports are now automatically created when attributes are referenced across stacks within the same app. To export resources manually, you can explicitly define a CfnOutput.
  • kms: kms.EncryptionKey renamed to kms.Key
  • ec2: ec2.VpcNetwork renamed to ec2.Vpc
  • ec2: ec2.VpcSubnet renamed to ec2.Subnet
  • cloudtrail: cloudtrail.CloudTrail renamed to cloudtrail.Trail`
  • Deleted a few XxxAttribute and XxxImportProps interfaces which were no longer in used after their corresponding export method was deleted and there was no use for them in imports.
  • ecs: ecs.ClusterAttributes now accepts IVpc and ISecurityGroup instead of attributes. You can use their corresponding fromXxx methods to import them as needed.
  • servicediscovery: servicediscovery.CnameInstance.instanceCname renamed to cname.
  • glue: glue.IDatabase.locationUrl is now only in glue.Database (not on the interface)
  • ec2: ec2.TcpPortFromAttribute and UdpPortFromAttribute removed. Use TcpPort and UdpPort with new Token(x).toNumber instead.
  • ec2: ec2.VpcNetwork.importFromContext renamed to ec2.Vpc.fromLookup
  • iam: iam.IRole.roleId has been removed from the interface, but Role.roleId is still available for owned resources.
  • codedeploy: the type of the loadBalancer property in ServerDeploymentGroupProps has been changed.
  • apigateway: apigateway.ResourceBase.trackChild is now internal.
  • cloudfront: cloudfront.S3OriginConfig.originAccessIdentity is now originAccessIdentityId
  • codedeploy: codedeploy.LambdaDeploymentGroup.alarms is now cloudwatch.IAlarm[] (previously cloudwatch.Alarm[])
  • codepipeline: codepipeline.crossRegionScaffoldingStacks renamed to crossRegionScaffolding
  • codepipeline: codepipeline.CrossRegionScaffoldingStack renamed to codepipeline.CrossRegionScaffolding and cannot be instantiated (abstract)
  • ec2: ec2.VpcSubnet.addDefaultRouteToNAT renamed to addDefaultNatRoute and made public
  • ec2: ec2.VpcSubnet.addDefaultRouteToIGW renamed to addDefaultInternetRoute, made public and first argument is the gateway ID (string) and not the CFN L1 class
  • ecs: ecs.Ec2EventRuleTarget.taskDefinition is now ITaskDefinition (previously TaskDefinition)
  • lambda: lambda.IEventSource.bind now accepts IFunction instead of FunctionBase. Use IFunction.addEventSourceMapping to add an event source mapping under the function.
  • lambda: lambda.Layer.grantUsage renamed to lambda.layer.addPermission and returns void
  • stepfunctions: stepfunctions.StateMachine.role is now iam.IRole (previously iam.Role)
  • cloudwatch-events: the events API has been significantly re-worked
    • ⚠️ This new API is still being discussed (see #2609) and might change again in the next release!
    • All onXxx() CloudWatch Event methods now have the signature: 
      resource.onEvent('SomeId', {
    target: new SomeTarget(...),
    // options
});
    • CloudWatch:
      • onAlarm was renamed to addAlarmAction
      • onOk was renamed to addOkAction
      • onInsufficientData was renamed to addInsufficientDataAction
    • AutoScaling:
      • onLifecycleTransition was renamed to addLifecycleHook
    • LambdaDeploymentGroup
      • onPreHook was renamed to addPreHook
      • onPostHook was renamed to addPostHook
    • UserPool:
      • all onXxx were renamed to addXxxTrigger
    • Repository:
      • onImagePushed was renamed to onCloudTrailImagePushed
    • Bucket:
      • onEvent was renamed to addEventNotification
      • onObjectCreated was renamed to addObjectCreatedNotification
      • onObjectRemoved was renamed to addObjectRemovedNotification
      • onPutObject was renamed to onCloudTrailPutObject

0.31.0 (2019-05-06)

Bug Fixes

Code Refactoring

Features

  • bootstrap: allow specifying the toolkit staging bucket name (#2407) (3bfc641), closes #2390
  • codebuild: add webhook Filter Groups. (#2319) (fd74d07), closes #1842
  • elbv2: add fixed response support for application load balancers (#2328) (750bc8b)

BREAKING CHANGES

  • all Foo.import static methods are now Foo.fromFooAttributes
  • all FooImportProps structs are now called FooAttributes
  • stepfunctions.StateMachine.export has been removed.
  • ses.ReceiptRule.name is now ses.ReceiptRule.receiptRuleName
  • ses.ReceiptRuleSet.name is now ses.ReceiptRuleSet.receiptRuleSetName
  • secretsmanager.AttachedSecret is now called secretsmanager.SecretTargetAttachment to match service semantics
  • ecr.Repository.export has been removed
  • s3.Bucket.bucketUrl is now called s3.Bucket.bucketWebsiteUrl
  • lambda.Version.functionVersion is now called lambda.Version.version
  • ec2.SecurityGroup.groupName is now ec2.SecurityGroup.securityGroupName
  • cognito.UserPoolClient.clientId is now cognito.UserPoolClient.userPoolClientId
  • apigateway.IRestApiResource is now apigateway.IResource
  • apigateway.IResource.resourcePath is now apigateway.IResource.path
  • apigateway.IResource.resourceApi is now apigateway.IResource.restApi

0.30.0 (2019-05-02)

Bug Fixes

Code Refactoring

Features

  • cdk-test: check API compatibility (#2356) (1642925), closes #145
  • codepipeline: allow creation of GitHub Pipelines without source trigger (#2332) (ed39a8c)
  • elbv2: add TLS listener for NLB (#2122) (71d694f)

BREAKING CHANGES

  • s3.Bucket.domainName renamed to s3.Bucket.bucketDomainName.
  • codedeploy.IXxxDeploymentConfig.deploymentConfigArn is now a property and not a method.
  • ec2.SecurityGroupBase is now private
  • ec2.VpcNetworkBase is now private
  • kinesis.StreamBase is now private
  • kms.EncryptionKeyBase is now private
  • logs.LogGroupBase is now private
  • ssm.ParameterBase is now private
  • eks.ClusterBase is now private
  • codebuild.ProjectBase is now private
  • codecommit.RepositoryBase is now private
  • codedeploy.ServerDeploymentGroupBase is now private
  • eks.ClusterBase is now private
  • lambda.LayerVersionBase is now private
  • rds.DatabaseClusterBase is now private
  • secretsmanager.SecretBase is now private
  • ses.ReceiptRuleSetBase is now private
  • codepipeline: the pollForSourceChanges property in GitHubSourceAction has been renamed to trigger, and its type changed from a boolean to an enum.

0.29.0 (2019-04-24)

Bug Fixes

  • acm: enabled validation of certificates on the zone name (#2133) (f216f96)
  • aws-apigateway: add integrationHttpMethod prop to AwsIntegration (#2160) (dfc6665), closes #2105
  • aws-cloudwatch: remove workaround on optional DashboardName (6c73d8a), closes #213
  • aws-ecs: fix default daemon deploymentConfig values (#2210) (c2e806b), closes #2209
  • aws-ecs: handle long ARN formats for services (#2176) (66df1c8), closes #1849
  • aws-lambda: fix circular dependency with lambda and codedeploy (#2236) (382da6a)
  • certificatemanager: remove bundled lambda devdependencies (#2186) (6728b41)
  • codebuild: add validation for Source when the badge property is true (#2242) (07812b2), closes #1749
  • core: allow CfnMapping.findInMap to use pseudo functions/params (#2220) (464cb6f), closes #1363
  • core: Use different symbol for Stack.isStack versus CfnReference.isCfnReference (#2305) (c1e41ed)
  • decdk: set the timeout in the schema tests to 10 seconds. (#2250) (8521b6f)
  • dynamodb: remove global secondary index limit (#2301) (43afa3a), closes #2262
  • ecr: Fix typo in ImportRepository error message (#2217) (b7c9b21)
  • elasticloadbalancingv2: dependency between ALB and logging bucket (#2221) (99e085d), closes #1633
  • java-app-template: invoke app.run() (#2300) (47ff448), closes #2289 awslabs/jsii#456
  • lambda: avoid OperationAbortedException when using log retention (#2237) (12a118c)
  • s3: Add validations for S3 bucket names (#2256) (f810265), closes #1308
  • servicediscovery: allow to register multiple instances on a service (#2207) (9f88696)
  • toolkit: don't fail when terminal width is 0 (#2355) (9c2220c), closes #2253
  • toolkit: fix broken confirmation prompt (#2333) (4112c84)
  • toolkit: options requiring arguments fail if not supplied (#2197) (0f6ce56), closes #2192
  • toolkit: remove metadata warning if region does not have resource (#2216) (22ed67c)
  • toolkit: stop 'cdk doctor' from printing AWS_ variables (#2357) (6209c6b), closes #1931
  • codebuild: remove oauthToken property from source (#2252) (8705af3), closes #2252 #2199
  • aws-ec2: correct InstanceSize.Nano spelling (#2215) (d22a154), closes #2215 #2214

Features

  • aws-dynamodb-global: global dynamodb tables (experimental) (#2251) (ec367c8)
  • aws-events-targets: centralized module for cloudwatch event targets (#2343) (1069938)
  • cdk-dasm: generate cdk code from cloudformation (#2244) (b707782)
  • cloudwatch: add support for time ranges in dashboards (#2248) (18c1723)
  • codebuild: add support for more images (#2233) (87b1ea0), closes #2079
  • codepipeline: add ECS deploy Action. (#2050) (d46b814), closes #1386
  • codepipeline: change to stand-alone Artifacts. (#2338) (b778e10)
  • codepipeline: make the default CodePipeline Bucket have an encryption key (#2241) (ef9bba5), closes #1924
  • core: verify CfnOutput has a value and fix VPC export (#2219) (9e87661), closes #2012
  • events-targets: LambdaFunction (#2350) (48d536b), closes #1663
  • ec2: add support for vpc endpoints (#2104) (bbb3f34)
  • lambda: introduce a new kind of Code, CfnParametersCode. (#2027) (4247966)
  • cfnspec: update CloudFormation resources to v2.30.0 (#2239) (aebcde5)
  • toolkit: stage assets under .cdk.assets (#2182) (2f74eb4), closes #1716 #2096

BREAKING CHANGES

  • cloudwatch: Renamed MetricCustomization to MetricOptions.
  • codepipeline: CodePipeline Actions no longer have the outputArtifact and outputArtifacts properties.
  • codepipeline: inputArtifact(s) and additionalInputArtifacts properties were renamed to input(s) and extraInputs.
  • codepipeline: outputArtifactName(s) and additionalOutputArtifactNames properties were renamed to output(s) and extraOutputs.
  • codepipeline: The classes CodeBuildBuildAction and CodeBuildTestAction were merged into one class CodeBuildAction.
  • codepipeline: The classes JenkinsBuildAction and JenkinsTestAction were merged into one class JenkinsAction.
  • events-targets: lambda.Function no longer implements IEventRuleTarget. Instead, use @aws-cdk/aws-events-targets.LambdaFunction.
  • aws-events-targets: sns.Topic no longer implements IEventRuleTarget. Use @aws-cdk/aws-events-targets.SnsTopic instead.
  • codebuild: codebuild.Project no longer implements IEventRuleTarget. Use @aws-cdk/aws-events-targets.CodeBuildProject.
  • core: the cdk.Root construct has been removed. Use cdk.App instead.
  • stepfunctions: In stepfunctions.WaitProps: the props seconds, timestamp, secondsPath and timestampPath are now duration of a union-like class WaitDuration (e.g. duration: WaitDuration.seconds(n))
  • codedeploy: In codedeploy.ServerDeploymentConfigProps: the props minHealthyHostCount and minHealthyHostPercentage are now minimumHealthyHosts of union-like class MinimumHealthyHosts (e.g. minimumHealthyHosts: MinimumHealthyHosts.percentage(50))
  • cloudformation: In cloudformation.CustomResourceProps: the props topicProvider and lambdaProvider are now provider of union-like class CustomResourceProvider (e.g. CustomResourceProvider.lambda(fn)
  • cloudformation: cloudformation.CustomResource no longer extends CfnCustomResource.
  • ssm: ssm.ParameterProps renamed to ssm.ParameterOptions.
  • codepipeline: customers who use GitHub, GitHubEnterprise or Bitbucket as source will need to remove the oauthToken field as it's no longer available.
  • codebuild: change the default image from UBUNTU_14_04_BASE to UBUNTU_18_04_STANDARD.
  • ec2: aws-ec2.InstanceSize.None was renamed to InstanceSize.Nano
  • ec2: * vpc.selectSubnetIds(...) has been replaced with vpc.selectSubnets(...).subnetIds.
  • You will not be able to combine jsii libraries written against previous versions of jsii with this version of the CDK.

0.28.0 (2019-04-04)

Bug Fixes

Code Refactoring

  • cdk: introduce SecretValue to represent secrets (#2161) (a3d9f2e)

Features

  • codepipeline: move all of the Pipeline Actions to their dedicated package. (#2098) (b314ecf)
  • codepipeline: re-factor the CodePipeline Action bind method to take a Role separately from the Pipeline. (#2085) (ffe0046)
  • ec2: support reserving IP space in VPCs (#2090) (4819ff4)
  • Add python support to cdk init (#2130) (997dbcc)
  • ecs: support AWS Cloud Map (service discovery) (#2065) (4864cc8), closes #1554
  • lambda: add a newVersion method. (#2099) (6fc179a)
  • update CloudFormation resource spec to v2.29.0 (#2170) (ebc490d)

BREAKING CHANGES

  • The secretsmanager.SecretString class has been removed in favor of cdk.SecretValue.secretsManager(id[, options])
  • The following prop types have been changed from string to cdk.SecretValue: codepipeline-actions.AlexaSkillDeployAction.clientSecret, codepipeline-actions.AlexaSkillDeployAction.refreshToken, codepipeline-actions.GitHubSourceAction.oauthToken, iam.User.password
  • secretsmanager.Secret.stringValue and jsonFieldValue have been removed. Use secretsmanage.Secret.secretValue and secretJsonValue instead.
  • secretsmanager.Secret.secretString have been removed. Use cdk.SecretValue.secretsManager() or secretsmanager.Secret.import(..).secretValue.
  • The class cdk.Secret has been removed. Use cdk.SecretValue instead.
  • The class cdk.DynamicReference is no longer a construct, and it's constructor signature was changed and was renamed cdk.CfnDynamicReference.
  • grant(function.role) and grant(project.role) are now grant(function) and grant(role).
  • core: Replace use of cdk.Secret with secretsmanager.SecretString (preferred) or ssm.ParameterStoreSecureString.
  • codepipeline: this changes the package of all CodePipeline Actions to be aws-codepipeline-actions.
  • codepipeline: this moves all classes from the aws-codepipeline-api package to the aws-codepipeline package.
  • codepipeline: this changes the CodePipeline Action naming scheme from .PipelineAction (s3.PipelineSourceAction) to codepipeline_actions.Action (codepipeline_actions.S3SourceAction).

0.27.0 (2019-03-28)

Highlights

  • Python support (experimental)
  • You can now run the CLI through npx cdk
  • Make sure to go through the BREAKING CHANGES section below

Bug Fixes

  • autoscaling: verify public subnets for associatePublicIpAddress (#2077) (1e3d41e)
  • ec2: descriptive error message when selecting 0 subnets (#2025) (0de2206), closes #2011
  • lambda: use Alias ARN directly (#2091) (bc40494)
  • rds: remove Instance class (#2081) (6699fed)
  • secretsmanager: allow templated string creation (#2010) (4e105a3)
  • secretsmanager/ssm: verify presence of parameter name (#2066) (b93350f)
  • serverless: rename aws-serverless to aws-sam (#2074) (4a82f13)
  • stepfunctions: make Fail.error optional (#2042) (86e9d03)

Code Refactoring

Features

  • toolkit:: new 'cdk' package to allow executing the cli through npx cdk (#2113) (32bca05)
  • Python Support (#2009) (e6083fa)
  • core: present reason for cyclic references (#2061) (e82e208)
  • lambda: add support for log retention (#2067) (63132ec), closes #667 #667
  • rds: cluster retention, reference KMS key by object (#2063) (99ab46d)
  • secretsmanager/rds: support credential rotation (#2052) (bf79c82)
  • toolkit: introduce the concept of auto-deployed Stacks. (#2046) (abacc66)

BREAKING CHANGES

  • lambda: cloudWatchLogsRetentionTimeDays in @aws-cdk/aws-cloudtrail now uses a logs.RetentionDays instead of a LogRetention.
  • core: stack._toCloudFormation method is now unavailable and is replaced by @aws-cdk/assert.SynthUtils.toCloudFormation(stack).
  • rds: replaced kmsKeyArn: string by kmsKey: kms.IEncryptionKey in DatabaseClusterProps
  • autoscaling: VpcNetwork.isPublicSubnet() has been renamed to VpcNetwork.isPublicSubnetIds().
  • serverless: renamed aws-serverless to aws-sam
  • ec2: vpcPlacement has been renamed to vpcSubnets on all objects, subnetsToUse has been renamed to subnetType. natGatewayPlacement has been renamed to natGatewaySubnets.
  • All properties of all structs (interfaces that do not begin with an "I") are now readonly since it is passed by-value and not by-ref (Python is the first language to require that). This may impact code in all languages that assumed it is possible to mutate these structs. Let us know if this blocks you in any way.

0.26.0 (2019-03-20)

Bug Fixes

Code Refactoring

Features

  • aws-cdk: support fixed repository name for DockerImageAsset (#2032) (942f938)
  • aws-rds: ability to add an existing security group to RDS cluster (#2021) (1f24336)
  • cfn2ts: make cfn2ts output TSDoc-compatible docblocks (#2000) (c6c66e9)
  • cfnspec: update to version 2.28.0 (#2035) (6a671f2)
  • cloudformation: allow specifying additional inputs for deploy Actions (#2020) (2d463be), closes #1247
  • core: can use Constructs to model applications (#1940) (32c2377), closes #1479
  • ecs: support private registry authentication (#1737) (11ed691), closes #1698
  • glue: add L2 resources for Database and Table (#1988) (3117cd3)
  • region-info: Model region-specific information (#1839) (946b444), closes #1282
  • servicediscovery: AWS Cloud Map construct library (#1804) (1187366)
  • ses: add constructs for email receiving (#1971) (3790858)
  • add more directories excluded and treated as source in the JetBrains script. (#1961) (a1df717)

BREAKING CHANGES

  • “toCloudFormation” is now internal and should not be called directly. Instead use “app.synthesizeStack”
  • ecs: ContainerImage.fromDockerHub has been renamed to ContainerImage.fromRegistry.
  • rename Condition to CfnCondition.
  • rename StackElement to CfnElement.
  • rename Parameter to CfnParameter.
  • rename Resource to CfnResource.
  • rename Output to CfnOutput.
  • rename Mapping to CfnMapping.
  • rename Referenceable to CfnRefElement.
  • rename IConditionExpression to ICfnConditionExpression.
  • rename CfnReference to Reference.
  • rename Rule to CfnRule.

0.25.3 (2019-03-12)

Bug Fixes

  • aws-cloudtrail: correct created log policy when sendToCloudWatchLogs is true (#1966) (f06ff8e)
  • aws-ec2: All SSM WindowsVersion entries (#1977) (85a1840)
  • decdk: relax validation when not using constructs (#1999) (afbd591)

Features

0.25.2 (2019-03-07)

Bug Fixes

  • awslint: Don't fail if the @aws-cdk/cdk module is not present (#1953) (929e854)
  • cdk-integ: Update cdk-integ to use new context file (#1962) (dbd2401)
  • cloudfront: allow IBucket as CloudFront source (855f1f5), closes #1946
  • cloudfront: pass viewerProtocolPolicy to the distribution's behaviors (#1932) (615ecd4)
  • eks: remove 'const' from NodeType enum (#1970) (ac52989), closes #1969
  • init: update the C# init sample with the new App API (#1919) (02f991d)

Features

0.25.1 (2019-03-04)

Bug Fixes

0.25.0 (2019-02-28)

Bug Fixes

  • toolkit: Don't collect runtime information when versionReporting is disabled (#1890) (f827a88)
  • aws-codepipeline: update CFN example. (#1653) (5dec01a)
  • aws-s3-deployment: add setup.cfg to fix pip install bug on mac (#1826) (759c708)
  • cdk: move apply() from Construct to ConstructNode (#1738) (642c8a6), closes #1732
  • cloudtrail: addS3EventSelector does not expose all options (#1854) (5c3431b), closes #1841
  • cloudtrail: Invalid resource for policy when using sendToCloudWatchLogs (#1851) (816cfc0), closes #1848
  • cloudwatch: fix name of 'MetricAlarmProps' (#1765) (c87f09a), closes #1760
  • codebuild: accept IRole instead of Role (#1781) (f08ca15), closes #1778
  • codedeploy: LambdaDeploymentGroup now takes IRole (#1840) (f6adb7c), closes #1833
  • codepipeline: allow providing Tokens as the physical name of the Pipeline. (#1800) (f6aea1b), closes #1788
  • core: improve error message if construct names conflict (#1706) (0ea4a78)
  • core: performance improvements (#1750) (77b516f)
  • ecs: rename capacity adding methods (#1715) (e3738ac)
  • elbv2: explicitly implement IApplicationTargetGroup (#1806) (828a2d7), closes #1799
  • init: add new parameter to C# example (#1831) (c7b99d8)
  • kms: have EncryptionKeyBase implement IEncryptionKey (#1728) (49080c6)
  • lambda: Add 'provided' runtime (#1764) (73d5bef), closes #1761
  • lambda: add region check for environment variables (#1690) (846ed9f)
  • ssm: Generate correct SSM Parameter ARN (#1726) (39df456)
  • toolkit: correctly reset context from the shell command (#1903) (58025c0)
  • toolkit: correcty load cdk.json file without context (#1900) (7731565)
  • toolkit: ignore hidden files for 'cdk init' (#1766) (afdd173), closes #1758
  • toolkit: only fail if errors are on selected stacks (#1807) (9c0cf8d), closes #1784 #1783
  • toolkit: support diff on multiple stacks (#1855) (72d2535)
  • build: Npm ignores files and folders named "core" by default (#1767) (42876e7), closes npm/npm-packlist#24
  • core: stack.partition is never scoped (#1763) (c968588)

Features

  • apigateway: add support for MethodResponse to aws-apigateway. (#1572) (46236d9)
  • autoscaling: bring your own IAM role (#1727) (2016b8d), closes #1701
  • aws-eks: add construct library for EKS (#1655) (22fc8b9), closes #991
  • cfnspec: manually add VPCEndpointService (#1734) (f782958), closes #1659
  • codebuild: add support for setting the gitCloneDepth property on Project sources. (#1798) (5408a53), closes #1789
  • core: Add construct.node.stack attribute (#1753) (a46cfd8), closes #798
  • dynamodb: partitionKey and sortKey are now immutable (#1744) (63ae0b4)
  • ecs: allow ECS to be used declaratively (#1745) (2480f0f), closes #1618
  • kms: Allow opting out of "Retain" deletion policy (#1685) (7706302)
  • lambda: allow specify event sources in props (#1746) (a84157d)
  • lambda-event-sources: "api" event source (#1742) (5c11680)
  • route53: Convenience API for creating zone delegations (#1853) (f974531), closes #1847
  • sns: Support raw message delivery (#1827) (cc0a28c)
  • ssm: allow referencing "latest" version of SSM parameter (#1768) (9af36af), closes #1587
  • toolkit: improve docker build time in CI (#1776) (1060b95), closes #1748
  • codepipelines: re-structure the CodePipeline Construct library API. (#1590) (3c3db07)
  • decdk: Prototype for declarative CDK (decdk) (#1618) (8713ac6)

BREAKING CHANGES

  • cloudtrail: The CloudTrail.addS3EventSelector accepts an options object instead of only a ReadWriteType value.
  • codedeploy: If an existing role is provided to a LambdaDeploymentGroup, you will need to provide the assuming service principal (codedeploy.amazonaws.com) yourself.
  • core:$$** 'Aws' class returns unscoped Tokens, introduce a new class 'ScopedAws' which returns scoped Tokens.
  • ssm: Rename parameter.valueAsString => parameter.stringValue, rename parameter.valueAsList => parameter.stringListValue, rename ssmParameter.parameterValue => ssmParameter.stringValue or ssmParameter.stringListValue depending on type, rename secretString.value => secretString.stringValue, rename secret.toSecretString() =>secret.secretString
  • cloudwatch: Rename 'MetricAarmProps' => 'MetricAlarmProps'.
  • core: Stack.find(c) and Stack.tryFind(c) were replaced by c.node.stack.
  • dynamodb: partitionKey is now a required property when defining a dynamodb.Table. The addPartitionKey and addSortKey methods have been removed.
  • cdk: Tag aspects use this feature and any consumers of this implementation must change from myConstruct.apply( ... ) to myConstruct.node.apply( ... ).
  • ecs: Rename 'addDefaultAutoScalingGroupCapacity' => 'addCapacity', 'addAutoScalingGroupCapacity' => 'addAutoScalingGroup'.
  • codepipelines: the CodePipeline Stage class is no longer a Construct, and cannot be instantiated directly, only through calling Pipeline#addStage; which now takes an Object argument instead of a String.
  • codepipelines: the CodePipeline Actions are no longer Constructs.
  • codepipelines: the CodePipeline Action name is now part of the Action props, instead of being a separate parameter.
  • codepipelines: the Pipeline#addToPipeline methods in Resources like S3, CodeBuild, CodeCommit etc. have been renamed to toCodePipelineAction.
  • aws-eks: For AutoScalingGroup, renamed minSize => minCapacity, maxSize => maxCapacity, for consistency with desiredCapacity and also Application AutoScaling. For ECS's addDefaultAutoScalingGroupCapacity(), instanceCount => desiredCapacity and the function now takes an ID (pass "DefaultAutoScalingGroup" to avoid interruption to your deployments).

0.24.1 (2019-02-07)

Bug Fixes

  • reference documentation is missing (8fba8bc)

0.24.0 (2019-02-06)

Bug Fixes

Features

  • aws-s3: add option to specify block public access settings (#1664) (299fb6a)
  • cdk: aspect framework and tag implementation (#1451) (f7c8531), closes #1136 #1497 #360
  • cdk: metric functions now automatically generated (#1617) (36cfca8)
  • cognito: Implement user pool and user pool client constructs (#1615) (8e03ed6)
  • core: overrideLogicalId: override IDs of CFN elements (#1670) (823a1e8), closes #1594
  • secretsmanager: L2 construct for Secret (#1686) (8da9115)
  • serverless: add AWS::Serverless::Application to CFN spec (#1634) (bfa40b1)
  • ssm: Add L2 resource for SSM Parameters (#1515) (9858a64)

BREAKING CHANGES

  • cdk: if you are using TagManager the API for this object has completely changed. You should no longer use TagManager directly, but instead replace this with Tag Aspects. cdk.Tag has been renamed to cdk.CfnTag to enable cdk.Tag to be the Tag Aspect.

0.23.0 (2019-02-04)

Bug Fixes

Features

  • alexa-ask: Add deploy action for Alexa (#1613) (0deea61)
  • apigateway: support function alias in LambdaIntegration (9f8bfa5)
  • app: add source map support to TS app template (#1581) (5df22d9), closes #1579
  • autoscaling: Support AssociatePublicIpAddress (#1604) (23c9afc), closes #1603
  • aws-codepipeline: support setting a Role for a CFN Action (#1449) (77fe077)
  • aws-ecs: add additional configuration to Volume (#1357) (ff96f3f)
  • aws-ecs: add support for Event Targets (#1571) (aa68db5), closes #1370
  • aws-ecs: ECS service scaling on ALB RequestCount (#1574) (2b491d4)
  • aws-s3: add the option to not poll to the CodePipeline Action. (#1260) (876b26d)
  • cdk: Support UpdateReplacePolicy on Resources (#1610) (f49c33b)
  • cdk: treat the "fake" CFN intrinsics (Fn::GetArtifactAtt, Fn::GetParam) specially when stringifying JSON. (#1605) (2af2426), closes #1588
  • cfnspec: Upgrade to CFN Resource Specification v2.21.0 (#1622) (21a5529)
  • cloudwatch: Support 'datapointsToAlarm' on Alarms (#1631) (828ac20), closes #1626
  • core: Generalization of dependencies (#1583) (53e68257)
  • ecs: environment variables for LoadBalancedXxxService (#1537) (b633505)
  • ecs: VPC link for API Gatweay and ECS services (#1541) (6642ca2)
  • iam: Make roleName available on IRole (#1589) (9128390)
  • lambda: reserved concurrent executions (#1560) (f7469c1)
  • lambda: Support AWS Lambda Layers (#1411) (036cfdf)
  • s3: Add DeployAction for codepipeline (#1596) (8f1a5e8)
  • s3: export bucket websiteURL (#1521) (#1544) (4e46d3c)
  • s3: imported bucket format option for website URL format (#1550) (28a423d)
  • toolkit: disable colors if a terminal is not attached to stdout (#1641) (58b4685)

BREAKING CHANGES

  • aws-codepipeline: the role property in the CloudFormation Actions has been renamed to deploymentRole.
  • aws-codepipeline: the role property in the app-delivery package has been renamed to deploymentRole.

0.22.0 (2019-01-10)

This is a major release with multiple breaking changes in the core layers. Please consult the breaking changes section below for details.

We are focusing these days on finalizing the common patterns and APIs of the CDK framework and the AWS Construct Library, which is why you are seeing all these breaking changes. Expect a few more releases with changes of that nature as we stabilize these APIs, so you might want to hold off with upgrading. We will communicate when this foundational work is complete.

Bug Fixes

  • core: automatic cross-stack refs for CFN resources (#1510) (ca5ee35)
  • ecs: correct typo and other minor mistakes in ecs readme (#1448) (9c91b20)
  • elbv2: unable to specify load balancer name (#1486) (5b24583), closes #973 #1481
  • lambda: use IRole instead of Role to allow imports (#1509) (b909dcd)
  • toolkit: fix typo in --rename option description (#1438) (1dd56d4)
  • toolkit: support multiple toolkit stacks in the same environment (#1427) (095da14), closes #1416

Features

BREAKING CHANGES

  • Cross-stack references: if you are using export() and import() to share constructs between stacks, you can stop doing that, instead of FooImportProps accept an IFoo directly on the consuming stack, and use that object as usual.
  • ArnUtils.fromComponents() and ArnUtils.parse() have been moved onto Stack.
  • All CloudFormation pseudo-parameter (such as AWS::AccountId etc) are now also accessible via Stack, as stack.accountId etc.
  • All CloudFormation intrinsic functions are now represented as static methods under the Fn class (e.g. Fn.join(...) instead of new FnJoin(...).toString())
  • resolve() has been moved to this.node.resolve().
  • CloudFormationJSON.stringify() has been moved to this.node.stringifyJson(). validate() now should be protected.
  • The deprecated cloudformation.XxxResource classes have been removed. Use the CfnXxx classes instead.
  • Any CfnXxx resource attributes that represented a list of strings are now typed as string[]s (via #1144). Attributes that represent strings, are still typed as string (#712) and all other attribute types are represented as cdk.Token.
  • route53: The route53.TXTRecord class was renamed to route53.TxtRecord.
  • route53: record classes now require a zone when created (not assuming zone is the parent construct).
  • lambda: the static "metric" methods moved from lambda.FunctionRef to lambda.Function.
  • Many AWS resource classes have been changed to conform to API guidelines:
    • XxxRef abstract classes are now IXxx interfaces
    • XxxRefProps are now XxxImportProps
    • XxxRef.import(...) are now Xxx.import(...) accept XxxImportProps and return IXxx
    • export(): XxxImportProps is now defined in IXxx and implemented by imported resources

0.21.0 (2018-12-20)

Bug Fixes

  • aws-cloudformation: change the type of Role in CodePipeline Actions to IRole. (#1364) (3d07e48), closes #1361
  • codebuild: Rename includeBuildID property of S3BucketBuildArtifacts (#1354) (84eb7ad), closes #1347
  • toolkit: scrutiny dialog should fail with no tty (#1382) (478a714), closes #1380

Features

BREAKING CHANGES

  • aws-cloudformation: this changes the type of the role property in CFN CodePipeline Actions from Role to IRole. This is needed to use imported Roles when creating Actions.
  • aws-codebuild: this changes the API of CodeBuild's GitHub and BitBucket Sources to take an owner/repo pair instead of an entire cloneUrl, to make it consistent with the GitHubSourceAction in the CodePipeline package. Also adds handling the reportBuildStatus and insecureSsl Source properties.
  • codebuild: the includeBuildID property of S3BucketBuildArtifacts was renamed to includeBuildId (note the lower-case trailing d).

0.20.0 (2018-12-13)

Bug Fixes

Features

BREAKING CHANGES

  • assert: the behavior change of haveResource can cause tests to fail. If allowing extension of the expected values is the intended behavior, you can switch to the haveResourceLike matcher instead, which exposes the previous behavior.

0.19.0 (2018-12-04)

Bug Fixes

Features

  • aws-codebuild: allow using docker image assets as build images (#1233) (72413c1), closes #1232 #1219
  • aws-codebuild: rename the Project methods for adding Actions to CodePipeline. (#1254) (825e448), closes #1211
  • aws-ecr: add an ECR Repository source CodePipeline Action. (#1255) (01cc8a2)
  • app-delivery: IAM policy for deploy stack (#1165) (edc9a21), closes #1165 #1151
  • Update to CloudFormation spec v2.16.0 (#1280) (9df5c54)

BREAKING CHANGES

  • aws-codebuild: ecr.RepositoryRef has been replaced by ecr.IRepository, which means that RepositoryRef.import is now Repository.import. Futhermore, the CDK Toolkit must also be upgraded since the docker asset protocol was modified. IRepository.grantUseImage was renamed to IRepository.grantPull.
  • aws-codebuild: addBuildToPipeline was renamed to addToPipeline and addTestToPipeline was renamed to addPipelineToTest in order to align with naming conventions.
  • CloudFormationCapabilities.IAM renamed to CloudFormation.AnonymousIAM and PipelineCloudFormationDeployActionProps.capabilities?: CloudFormationCapabilities[] has been changed to PipelineCloudFormationDeployActionProps.capabilities?: CloudFormationCapabilities no longer an array. PipelineCloudFormationDeployActionProps.fullPermissions?: has been renamed to PipelineCloudFormationDeployActionProps.adminPermissions: and is required instead of optional.

0.18.1 (2018-11-21)

Bug Fixes

0.18.0 (2018-11-19)

Bug Fixes

Features

  • aws-autoscaling: add instance AutoScaling (#1134) (d397dd7), closes #1042 #1113
  • aws-codebuild: add support for additional sources and artifact in Projects. (#1110) (d911b08)
  • aws-ec2: add VPC context provider (#1168) (e8380fa), closes #1095
  • aws-ecs: expose service and target group on the LoadBalancedFargateService (#1175) (e799699)
  • aws-ecs: instance autoscaling and drain hook (#1192) (811462e), closes #1162
  • aws-ecs: Support HTTPS in load balanced Fargate service (#1115) (76a5cc7)
  • aws-ecs: TLS support for Fargate service applet (#1184) (18166ce)
  • update to CloudFormation spec v2.13.0 (#1203) (c531c84)
  • aws-elasticloadbalancingv2: add metrics (#1173) (68d481d), closes #853
  • docs: getting started instructions for csharp (#1185) (2915ac1), closes #696
  • toolkit: add 'cdk context' command (#1169) (2db536e), closes #311
  • toolkit: by default hide AWS::CDK::Metadata from "cdk diff" (#1186) (ef0017a), closes #465
  • toolkit: improve diff user interface (#1187) (9c3c5c7), closes #1121 #1120
  • aws-codepipeline: switch to webhooks instead of polling by default for the GitHub (#1074)

BREAKING CHANGES

  • aws-codebuild: this changes the way CodeBuild Sources are constructed (we moved away from multiple parameters in the constructor, in favor of the more idiomatic property interface).
  • aws-elasticloadbalancingv2: targetGroup.listenerDependency() has been renamed to targetGroup.loadBalancerDependency().

0.17.0 (2018-11-14)

Bug Fixes

  • aws-ecs: remove DockerHub constructor class (#1153) (ed14638)
  • aws-ec2: add dependency on gateway attachment for public routes (#1142) (15b255c), closes #1140
  • s3-deployment: bundle modules correctly (#1154) (0cb1adf)

Features

  • aws-codedeploy: add an addToPipeline method to Deployment Group. (#1166) (bdbeb7c)
  • aws-codepipeline, aws-cloudformation: support cross-region CloudFormation pipeline action (#1152) (8e701ad)
  • toolkit: print available templates when --language is omitted (#1159) (5726c45)

BREAKING CHANGES

  • aws-ec2: Method signature of VpcPublicSubnet.addDefaultIGWRouteEntry changed in order to add a dependency on gateway attachment completing before creating the public route to the gateway. Instead of passing a gateway ID string, pass in a cloudformation.InternetGatewayResource object and a cloudformation.VPCGatewayAttachmentResource object.
  • If you were using DockerHub.image() to reference docker hub images, use ContainerImage.fromDockerHub() instead.

0.16.0 (2018-11-12)

Bug Fixes

  • aws-elasticloadbalancingv2: listener dependency (#1146) (e9d3d93), closes #1139
  • aws-elasticloadbalancingv2: unhealthy threshold (#1145) (a70a50d)

Features

  • aws-codedeploy: CodeDeploy Pipeline Action using the L2 DeploymentGroup Construct. (#1085) (ce999b6)
  • aws-route53: route53 Alias record support (#1131) (72f0124)
  • cdk: allow Tokens to be encoded as lists (#1144) (cd7947c), closes #744

BREAKING CHANGES

  • aws-codedeploy: this changes the API of the CodeDeploy Pipeline Action to take the DeploymentGroup AWS Construct as an argument instead of the names of the Application and Deployment Group.

0.15.2 (2018-11-08)

Bug Fixes

Features

  • aws-ecs: Add desired count to LoadBalanced[Fargate|EC2]Service (#1111) (cafcc11)

0.15.1 (2018-11-06)

Bug Fixes

  • Update peer dependencies to refer to correct version so NPM installs don't fail.
  • Switch back to js-yaml as yaml was emitting unquoted single colons as list elements.

0.15.0 (2018-11-06)

Bug Fixes

  • aws-autoscaling: allow minSize to be set to 0 (#1015) (67f7fa1)
  • aws-codebuild: correctly pass the timeout property to CFN when creating a Project. (#1071) (b1322bb)
  • aws-codebuild: correctly set S3 path when using it as artifact. (#1072) (f32cba9)
  • aws-kms: add output value when exporting an encryption key (#1036) (cb490be)
  • Switch from js-yaml to yaml (#1092) (0b132b5)

Features

  • don't upload the same asset multiple times (#1011) (35937b6), closes #989
  • app-delivery: CI/CD for CDK Stacks (#1022) (f2fe4e9)
  • add a new construct library for ECS (#1058) (ae03ddb)
  • applets: integrate into toolkit (#1039) (fdabe95), closes #849 #342 #291
  • aws-codecommit: use CloudWatch Events instead of polling by default in the CodePipeline Action. (#1026) (d09d30c)
  • aws-dynamodb: allow specifying partition/sort keys in props (#1054) (ec87331), closes #1051
  • aws-ec2: AmazonLinuxImage supports AL2 (#1081) (97b57a5), closes #1062
  • aws-lambda: high level API for event sources (#1063) (1be3442)
  • aws-sqs: improvements to IAM grants API (#1052) (6f2475e)
  • codepipeline/cfn: Use fewer statements for pipeline permissions (#1009) (8f4c2ab)
  • pkglint: Make sure .snk files are ignored (#1049) (53c8d76), closes #643
  • toolkit: deployment ui improvements (#1067) (c832eaf)
  • Update to CloudFormation resource specification v2.11.0

BREAKING CHANGES

  • The ec2.Connections object has been changed to be able to manage multiple security groups. The relevant property has been changed from securityGroup to securityGroups (an array of security group objects).
  • aws-codecommit: this modifies the default behavior of the CodeCommit Action. It also changes the internal API contract between the aws-codepipeline-api module and the CodePipeline Actions in the service packages.
  • applets: The applet schema has changed to allow Multiple applets can be define in one file by structuring the files like this:
  • applets: The applet schema has changed to allow definition of multiple applets in the same file.

The schema now looks like this:

applets:
  MyApplet:
    type: ./my-applet-file
    properties:
      property1: value
      ...

By starting an applet specifier with npm://, applet modules can directly be referenced in NPM. You can include a version specifier (@1.2.3) to reference specific versions.

  • aws-sqs: queue.grantReceiveMessages has been removed. It is unlikely that this would be sufficient to interact with a queue. Alternatively you can use queue.grantConsumeMessages or queue.grant('sqs:ReceiveMessage') if there's a need to only grant this action.

0.14.1 (2018-10-26)

Bug Fixes

  • aws-cdk: fix bug in SSM Parameter Provider (#1023) (6e6aa1d)

0.14.0 (2018-10-26)

IMPORTANT NOTE: when upgrading to this version of the CDK framework, you must also upgrade your installation the CDK Toolkit to the matching version:

$ npm i -g aws-cdk
$ cdk --version
0.14.0 (build ...)

Bug Fixes

Features

BREAKING CHANGES

  • DynamoDB AutoScaling: Instead of addReadAutoScaling(), call autoScaleReadCapacity(), and similar for write scaling.
  • CloudFormation resource usage: If you use L1s, you may need to change some XxxName properties back into Name. These will match the CloudFormation property names.
  • You must use the matching aws-cdk toolkit when upgrading to this version, or context providers will cease to work. All existing cached context values in cdk.json will be invalidated and refreshed.

0.13.0 (2018-10-19)

Highlights

  • A new construct library for AWS Step Functions (docs). The library provides rich APIs for modeling state machines by exposing a programmatic interface for Amazon State Language.
  • A new construct library for Amazon S3 bucket deployments (docs). You can use now automatically populate an S3 Bucket from a .zip file or a local directory. This is a building block for end-to-end support for static websites in the AWS CDK.

Bug Fixes

  • aws-apigateway: make LambdaRestApi proxy by default (#963) (a5f5e2c), closes #959
  • aws-cdk: Allow use of assumed roles behind a proxy (#898) (f2b1048)
  • aws-cdk: Auto-delete stacks that failed creating before new attempt (#917) (2af8309)
  • aws-cloudfront: expose distributionId (#938) (f58d98c)
  • aws-dynamodb: don't emit empty array properties (#909) (841975a)
  • docs: use ..code to display file structure in "writing constructs" (#935) (b743362)

Features

  • assets: isZipArchive indicates if this is a zip asset (#944) (65190f9)
  • aws-cdk: deploy supports CloudFormation Role (#940) (393be6f), closes #735
  • aws-cloudformation: allow specifying custom resource type (#943) (9de3a84)
  • aws-cloudformation: correctly handle the templateConfiguration property in the CreateUpdateStack Pipeline Action. (#923) (d251a46)
  • aws-cloudfront: add support for "webAclId" (#969) (3ec9d76)
  • aws-codedeploy: add auto rollback configuration to server Deployment Group. (#925) (7ee91cf)
  • aws-codedeploy: add instance tag filter support for server Deployment Groups. (#824) (e6e8c51)
  • aws-codedeploy: add support for setting CloudWatch alarms on a server Deployment Group. (#926) (27b26b1)
  • add support for Step Functions (#827) (81b533c)
  • aws-lambda: add grantInvoke() method (#962) (1ee8135), closes #961
  • aws-lambda: improvements to the code and runtime APIs (#945) (36f29b6), closes #902 #188 #947 #947 #664
  • aws-logs: extractMetric() returns Metric object (#939) (5558fff), closes #850
  • aws-s3: initial support for website hosting (#946) (2d3661c)
  • aws-s3-deployment: bucket deployments (#971) (84d6876), closes #952 #953 #954
  • docs: added link to CloudFormation concepts (#934) (666bbba)

BREAKING CHANGES

  • aws-apigateway: specifying a path no longer works. If you used to provide a '/', remove it. Otherwise, you will have to supply proxy: false and construct more complex resource paths yourself.
  • aws-lambda: The construct lambda.InlineJavaScriptLambda is no longer supported. Use lambda.Code.inline instead; lambda.Runtime.NodeJS43Edge runtime is removed. CloudFront docs stipulate that you should use node6.10 or node8.10. It is always possible to use any value by instantiating a lambda.Runtime object.

0.12.0 (2018-10-12)

IMPORTANT NOTE: This release includes a fix for a bug that would make the toolkit unusable for multi-stack applications. In order to benefit from this fix, a globally installed CDK toolkit must also be updated:

$ npm i -g aws-cdk
$ cdk --version
0.12.0 (build ...)

Like always, you will also need to update your project's library versions:

Language Update?
JavaScript/TypeScript (npm) npx npm-check-updates -u
Java (maven) mvn versions:use-latest-versions
.NET (NuGet) nuget update

Bug Fixes

  • aws-codebuild: allow passing oauth token to GitHubEnterpriseSource (#908) (c23da91)
  • toolkit: multi-stack apps cannot be synthesized or deployed (#911) (5511076), closes #868 #294 #910

Features

  • aws-cloudformation: add permission management to CreateUpdate and Delete Stack CodePipeline Actions. (#880) (8b3ae43)
  • aws-codepipeline: make input and output artifact names optional when creating Actions. (#845) (3d91c93)

BREAKING CHANGES

  • aws-codepipeline: this commit contains the following breaking changes:

    • Rename 'artifactName' in Action construction properties to 'outputArtifactName'
    • Rename the 'artifact' property of Actions to 'outputArtifact'
    • No longer allow adding output artifacts to Actions by instantiating the Artifact class
    • Rename Action#input/outputArtifacts properties to _input/_outputArtifacts

Previously, we always required customers to explicitly name the output artifacts the Actions used in the Pipeline, and to explicitly "wire together" the outputs of one Action as inputs to another. With this change, the CodePipeline Construct generates artifact names, if the customer didn't provide one explicitly, and tries to find the first available output artifact to use as input to a newly created Action that needs it, thus turning both the input and output artifacts from required to optional properties.

0.11.0 (2018-10-11)

IMPORTANT NOTE: This release includes a breaking change in the toolkit <=> app protocol. This means that in order to synthesize CDK apps that use this version, the globally installed CDK toolkit must also be updated:

$ npm i -g aws-cdk
$ cdk --version
0.11.0 (build ...)

Like always, you will also need to update your project's library versions:

Language Update?
JavaScript/TypeScript (npm) npx npm-check-updates -u
Java (maven) mvn versions:use-latest-versions
.NET (NuGet) nuget update

Bug Fixes

  • aws-apigateway: allow + in path parts (#769) (0c50d27), closes #768
  • aws-cdk: continue after exceptions in stack monitor (#791) (b0f3298), closes #787
  • aws-cloudfront: check for undefined and determining of the defaultRootObject prop is set or not (#801) (32a74c6)
  • aws-cloudfront: properly support loggingConfig (#809) (5512f70), closes #721
  • aws-codecommit: typo in README (#780) (0e79c2d)
  • aws-ec2: Add Burstable Generation 3 Instances (#812) (d36ee6d)
  • aws-ec2: fix capitalization of "VPCEndpointType" to "VpcEndpointType" (#789) (7a8ee2c), closes #765
  • aws-ec2: fix typo in resource identifier (#818) (f529c80)
  • aws-elbv2: fix load balancer registration (#890) (8cc9abe)
  • aws-s3: properly export bucketDomainName (#844) (a65060d)
  • aws-sqs: Queue.import() doesn't return a value (#885) (c592b7f), closes #879
  • cdk: fix TagManager to evaluate to undefined if no tags are included (#882) (477c827)
  • cdk: init templates were not upgraded to typescript ^3.0.0 (#904) (2cc7475)
  • cdk: jsx support conflicts with React usage (#884) (76d8031), closes #830
  • cfn2ts: expect Token instead of CloudFormationToken (#896) (6eee1d2)
  • docs: fix issue #718 (Aurora DB example) (#783) (016f3a8)
  • docs: update supported languages in README (#819, #450) (#820) (ffac98c)
  • Correct heading level of CHANGELOG.md 0.10.0 (40d9ef0)
  • Emit valid YAML-1.1 (#876) (ff857ea), closes #875
  • toolkit: improve error message for large templates (#900) (a41f48f), closes #34

Code Refactoring

Features

  • aws-apigateway: "LambdaRestApi" and "addProxy" routes (#867) (905a95d)
  • aws-cdk: add maven wrapper to java template (#811) (72aa872)
  • aws-cloudformation: rename the CFN CodePipeline Actions. (#771) (007e7b4)
  • aws-cloudformation: update the ReadMe of the module to reflect the new Action names. (#775) (6c0e75b), closes #771
  • aws-cloudfront: Support Security Policy (#804) (b39bf11), closes #795
  • aws-codedeploy: Add the auto-scaling groups property to ServerDeploymentGroup. (#739) (0b28886)
  • aws-codedeploy: Deployment Configuration Construct. (#653) (e6b67ad)
  • aws-codedeploy: support setting a load balancer on a Deployment Group. (#786) (e7af9f5)
  • aws-codepipeline: allow specifying the runOrder property when creating Actions. (#776) (d146c8d)
  • aws-codepipeline, aws-codecommit, aws-s3: change the convention for naming the source Actions to XxxSourceAction. (#753) (9c3ce7f)
  • aws-dynamodb: IAM grants support (#870) (c5a4200)
  • aws-dynamodb: support Global Secondary Indexes (#760) (3601440)
  • aws-dynamodb: tags support (#814) (924c84e)
  • aws-dynamodB: support Local Secondary Indexes (#825) (3175af3)
  • aws-ec2: add support for ICMP protocol's classification Types & Codes to SecurityGroupRule (#893) (85bd3c0)
  • aws-ec2: allow configuring subnets for NAT gateway (#874) (8ec761c)
  • aws-ec2: support UDP port ranges in SecurityGroups (#835) (b42ef90)
  • aws-elasticloadbalancingv2: support for ALB/NLB (#750) (bd9ee01)
  • aws-s3: support granting public access to objects (#886) (bdee191), closes #877
  • cdk: Add support for UseOnlineResharding with UpdatePolicies (#881) (1f717e1)
  • cdk: configurable default SSM context provider (#889) (353412b)
  • core: resource overrides (escape hatch) (#784) (5054eef), closes #606
  • aws-codepipeline: Manage IAM permissions for (some) CFN CodePipeline actions (#843) (4c69118)
  • toolkit: Stop creating 'empty' stacks (#779) (1dddd8a)
  • aws-autoscaling, aws-ec2: Tagging support for AutoScaling/SecurityGroup (#766) (3d48eb2)

BREAKING CHANGES

  • framework: The cdk.App constructor doesn't accept any arguments, and app.run() does not return a string anymore. All AWS CDK apps in all languages would need to be modified to adhere to the new API of the cdk.App construct.

    Instead of:

    const app = new App(process.argv); // ERROR
// add stacks
process.stdout.write(app.run());   // ERROR

    The new usage is:

    const app = new App();
// add stacks
app.run();

  • framework: The CDK is no longer shipped with built-in support for JSX. You can still use JSX but you will have to manually configure it.

  • aws-iam: PolicyDocument, PolicyStatement and all PolicyPrincipal classes moved from the @aws-cdk/cdk module and into the @aws-cdk/aws-iam module.

  • aws-codepipeline-api: Artifact.subartifact method of the CodePipeline API was renamed to Artifact.atPath.

  • constructor signature of TagManager has changed. initialTags is now passed inside a props object.

  • util: @aws-cdk/util is no longer available

  • aws-elasticloadbalancingv2: Adds classes for modeling Application and Network Load Balancers. AutoScalingGroups now implement the interface that makes constructs a load balancing target. The breaking change is that Security Group rule identifiers have been changed in order to make adding rules more reliable. No code changes are necessary but existing deployments may experience unexpected changes.

  • aws-cloudformation: this renames all CloudFormation Actions for CodePipeline to bring them in line with Actions defined in other service packages.

  • aws-codepipeline, aws-codecommit, aws-s3: change the names of the source Actions from XxxSource to XxxSourceAction. This is to align them with the other Actions, like Build. Also, CodeBuild has the concept of Sources, so it makes sense to strongly differentiate between the two.

0.10.0 (2018-09-27)

This release introduces a better way to "escape" L2 constructs in case of missing features by adding the ability to add arbitrary overrides for resource properties:

const bucket = new s3.Bucket(this, 'L2Bucket');

// access L1
const bucketResource = bucket.findChild('Resource') as s3.cloudformation.BucketResource;

// strongly-typed overrides
bucketResource.propertyOverrides.bucketName = 'NewBucketName';

// weakly-typed overrides
bucketResource.addPropertyOverride('BucketName', 'NewerBucketName');

Bug Fixes

  • aws-codecommit: typo in README (#780) (0e79c2d)
  • aws-ec2: fix capitalization of "VPCEndpointType" to "VpcEndpointType" (#789) (7a8ee2c), closes #765
  • docs: fix issue #718 (Aurora DB example) (#783) (016f3a8)

Code Refactoring

Features

  • aws-cloudformation: rename the CodePipeline actions (#771) (007e7b4)
  • aws-cloudformation: update the README of the module to reflect the new action names (#775) (6c0e75b), closes #771
  • aws-codedeploy: add auto-scaling groups property to ServerDeploymentGroup (#739) (0b28886)
  • aws-codedeploy: add deployment configuration construct (#653) (e6b67ad)
  • aws-codepipeline, aws-codecommit, aws-s3: change the convention for naming the source Actions to XxxSourceAction (#753) (9c3ce7f)
  • aws-elasticloadbalancingv2: support for ALB/NLB (#750) (bd9ee01)
  • tagging support for AutoScaling/SecurityGroup (#766) (3d48eb2)
  • core: resource overrides (escape hatch) (#784) (5054eef), closes #606
  • toolkit: stop creating 'empty' stacks (#779) (1dddd8a)

BREAKING CHANGES

  • cdk: the constructor signature of TagManager has changed. initialTags is now passed inside a props object.
  • util: @aws-cdk/util is no longer available
  • aws-elasticloadbalancingv2: adds classes for modeling Application and Network Load Balancers. AutoScalingGroups now implement the interface that makes constructs a load balancing target. The breaking change is that Security Group rule identifiers have been changed in order to make adding rules more reliable. No code changes are necessary but existing deployments may experience unexpected changes.
  • aws-cloudformation: this renames all CloudFormation Actions for CodePipeline to bring them in line with Actions defined in other service packages.
  • aws-codepipeline, aws-codecommit, aws-s3: change the names of the source Actions from XxxSource to XxxSourceAction. This is to align them with the other Actions, like Build. Also, CodeBuild has the concept of Sources, so it makes sense to strongly differentiate between the two.

CloudFormation Changes

0.9.2 (2018-09-20)

NOTICE: This release includes a framework-wide breaking change which changes the type of all the string resource attributes across the framework. Instead of using strong-types that extend cdk.Token (such as QueueArn, TopicName, etc), we now represent all these attributes as normal strings, and codify the tokens into the string (using the feature introduced in #168).

Furthermore, the cdk.Arn type has been removed. In order to format/parse ARNs, use the static methods on cdk.ArnUtils.

See motivation and discussion in #695.

Breaking Changes

  • cfn2ts: use stringified tokens for resource attributes instead of strong types (#712) (6508f78), closes #518 #695 #744
  • aws-dynamodb: Attribute type for keys, changes the signature of the addPartitionKey and addSortKey methods to be consistent across the board. (#720) (e6cc189)
  • aws-codebuild: fix typo "priviledged" -> "privileged

Bug Fixes

Features

  • aws-apigateway: new API Gateway Construct Library (#665) (b0f3857)
  • aws-cdk: detect presence of EC2 credentials (#724) (8e8c295), closes #702 #130
  • aws-codepipeline: make the Stage insertion API in CodePipeline more flexible (#460) (d182818)
  • aws-codepipeline: new "Pipeline#addStage" convenience method (#647) (25c9fa0)
  • aws-rds: add support for parameter groups (#729) (2541508), closes #719
  • docs: add documentation for CDK toolkit plugings (#733) (965b918)
  • dependencies: upgrade to jsii 0.7.6

0.9.1 (2018-09-13)

Bug Fixes

  • aws-cdk: Fix proxy support for account lookup (#693) (5468225), closes #645

Features

  • aws-ec2 BREAKING: Move LoadBalancer to aws-elasticloadbalancing package (#705) (4bd1cf2)
  • aws-serverless BREAKING: Rename @aws-cdk/aws-serverless to @aws-cdk/aws-sam (#704) (3a67d5d)
  • aws-dynamodb: Support DynamoDB TTL (#691) (35b6206)
  • aws-dynamodb: Support DynamoDB PITR (#701) (7a4d7b7)
  • aws-ecr: Add support for ECR repositories (#697) (c6c09bf)
  • aws-lambda: Add support for XRay Tracing (#675) (b4435cc)
  • cfnspec: Add DeploymentPreference Patch for SAM Spec (#681) (#681) (f96c487)

0.9.0 -- 2018-09-10

The headliners of this release are .NET support, and a wealth of commits by external contributors who are stepping up to fix the CDK for their use cases! Thanks all for the effort put into this release!

Features

  • Add strongly-named .NET targets, and a cdk init template for C# projects (@mpiroc in #617, #643).
  • @aws-cdk/aws-autoscaling: Allow attaching additional security groups to Launch Configuration (@moofish32 in #636).
  • @aws-cdk/aws-autoscaling: Support update and creation policies on AutoScalingGroups (@rix0rrr in #595).
  • @aws-cdk/aws-codebuild: Add support for running script from an asset (@rix0rrr in #677).
  • @aws-cdk/aws-codebuild: New method addBuildToPipeline on Project (@skinny85 in 783dcb3).
  • @aws-cdk/aws-codecommit: New method addToPipeline on Repository (@skinny85 in #616).
  • @aws-cdk/aws-codedeploy: Add initial support for CodeDeploy (@skinny85 in #593, #641).
  • @aws-cdk/aws-dynamodb: Add support for DynamoDB autoscaling (@SeekerWing in #637).
  • @aws-cdk/aws-dynamodb: Add support for DynamoDB streams (@rhboyd in #633).
  • @aws-cdk/aws-dynamodb: Add support for server-side encryption (@jungseoklee in #684).
  • @aws-cdk/aws-ec2 (BREAKING): SecurityGroup can now be used as a Connectable #582).
  • @aws-cdk/aws-ec2: Add VPC tagging ([@moofish] in #538).
  • @aws-cdk/aws-ec2: Add support for InstanceSize.Nano (@rix0rrr in #581)
  • @aws-cdk/aws-lambda: Add support for dead letter queues (@SeekerWing in #663).
  • @aws-cdk/aws-lambda: Add support for placing a Lambda in a VPC (@rix0rrr in #598).
  • @aws-cdk/aws-logs: Add extractMetric() helper function (@rix0rrr in #676).
  • @aws-cdk/aws-rds: Add support for Aurora PostreSQL/MySQL engines (@cookejames in #586)
  • @aws-cdk/aws-s3: Additional grant methods for Buckets (@eladb in #591)
  • @aws-cdk/aws-s3: New method addToPipeline on Bucket (@skinny85 in c8b7a49).
  • aws-cdk: Add support for HTTP proxies (@rix0rrr in #666).
  • aws-cdk: Toolkit now shows failure reason if stack update fails (@rix0rrr in #609).
  • cdk-build-tools: Add support for running experiment JSII versions (@RomainMuller in #649).

Changes

  • BREAKING: Generate classes and types for the CloudFormation resource .ref attributes (@rix0rrr in #627).
  • BREAKING: Make types accepted in Policy-related classes narrower (from any to Arn, for example) to reduce typing mistakes (@rix0rrr in #629).
  • @aws-cdk/aws-codepipeline (BREAKING): Align the CodePipeline APIs (@skinny85 in #492, #568)
  • @aws-cdk/aws-ec2 (BREAKING): Move Fleet/AutoScalingGroup to its own package (@rix0rrr in #608).
  • aws-cdk: Simplify plugin protocol (@RomainMuller in #646).

Bug Fixes

  • @aws-cdk/aws-cloudfront: Fix CloudFront behavior for ViewerProtocolPolicy (@mindstorms6 in #615).
  • @aws-cdk/aws-ec2: VPC Placement now supports picking Isolated subnets (@rix0rrr in #610).
  • @aws-cdk/aws-logs: Add export()/import() capabilities (@rix0rrr in #630).
  • @aws-cdk/aws-rds: Fix a bug where a cluster with 1 instance could not be created (@cookejames in #578)
  • @aws-cdk/aws-s3: Bucket notifications can now add dependencies, fixing creation order (@eladb in #584).
  • @aws-cdk/aws-s3: Remove useless bucket name validation (@rix0rrr in #628).
  • @aws-cdk/aws-sqs: Make QueueRef.encryptionMasterKey readonly (@RomainMuller in #650).
  • assets: S3 read permissions are granted on a prefix to fix lost permissions during asset update (@rix0rrr in #510).
  • aws-cdk: Remove bootstrapping error if multiple stacks are in the same environment (@RomainMuller in #625).
  • aws-cdk: Report and continue if git throws errors during cdk init (@rix0rrr in #587).

CloudFormation Changes

  • @aws-cdk/cfnspec: Updated CloudFormation resource specification to v2.6.0 (@RomainMuller in #594)

    • New AWS Construct Library

      • @aws-cdk/aws-sagemaker supports AWS::SageMaker resources

    • New Resource Types

      • AWS::AmazonMQ::Broker
      • AWS::AmazonMQ::Configuration
      • AWS::CodePipeline::Webhook
      • AWS::Config::AggregationAuthorization
      • AWS::Config::ConfigurationAggregator
      • AWS::EC2::VPCEndpointConnectionNotification
      • AWS::EC2::VPCEndpointServicePermissions
      • AWS::IAM::ServiceLinkedRole
      • AWS::SSM::ResourceDataSync
      • AWS::SageMaker::Endpoint
      • AWS::SageMaker::EndpointConfig
      • AWS::SageMaker::Model
      • AWS::SageMaker::NotebookInstance
      • AWS::SageMaker::NotebookInstanceLifecycleConfig

    • Attribute Changes

      • AWS::CodePipeline::Pipeline Version (added)

    • Property Changes

      • AWS::AppSync::DataSource HttpConfig (added)

      • AWS::DAX::Cluster SSESpecification (added)

      • AWS::DynamoDB::Table Stream (added)

      • AWS::DynamoDB::Table AutoScalingSupport (added)

      • AWS::EC2::VPCEndpoint IsPrivateDnsEnabled (added)

      • AWS::EC2::VPCEndpoint SecurityGroupIds (added)

      • AWS::EC2::VPCEndpoint SubnetIds (added)

      • AWS::EC2::VPCEndpoint VPCEndpointType (added)

      • AWS::EC2::VPCEndpoint RouteTableIds.DuplicatesAllowed (deleted)

      • AWS::EC2::VPCPeeringConnection PeerRegion (added)

      • AWS::EFS::FileSystem ProvisionedThroughputInMibps (added)

      • AWS::EFS::FileSystem ThroughputMode (added)

      • AWS::EMR::Cluster KerberosAttributes (added)

      • AWS::Glue::Classifier JsonClassifier (added)

      • AWS::Glue::Classifier XMLClassifier (added)

      • AWS::Glue::Crawler Configuration (added)

      • AWS::Lambda::Lambda DLQConfigurationSupport (added)

      • AWS::Neptune::DBInstance DBSubnetGroupName.UpdateType (changed)

        • Old: Mutable
        • New: Immutable

      • AWS::SNS::Subscription DeliveryPolicy (added)

      • AWS::SNS::Subscription FilterPolicy (added)

      • AWS::SNS::Subscription RawMessageDelivery (added)

      • AWS::SNS::Subscription Region (added)

      • AWS::SQS::Queue Tags (added)

      • AWS::ServiceDiscovery::Service HealthCheckCustomConfig (added)

    • Property Type Changes

      • AWS::AppSync::DataSource.HttpConfig (added)

      • AWS::DAX::Cluster.SSESpecification (added)

      • AWS::EMR::Cluster.KerberosAttributes (added)

      • AWS::Glue::Classifier.JsonClassifier (added)

      • AWS::Glue::Classifier.XMLClassifier (added)

      • AWS::ServiceDiscovery::Service.HealthCheckCustomConfig (added)

      • AWS::CloudFront::Distribution.CacheBehavior FieldLevelEncryptionId (added)

      • AWS::CloudFront::Distribution.DefaultCacheBehavior FieldLevelEncryptionId (added)

      • AWS::CodeBuild::Project.Artifacts EncryptionDisabled (added)

      • AWS::CodeBuild::Project.Artifacts OverrideArtifactName (added)

      • AWS::CodeBuild::Project.Environment Certificate (added)

      • AWS::CodeBuild::Project.Source ReportBuildStatus (added)

      • AWS::ServiceDiscovery::Service.DnsConfig RoutingPolicy (added)

      • AWS::WAF::WebACL.ActivatedRule Action.Required (changed)

        • Old: true
        • New: false

  • @aws-cdk/cfnspec: Updated Serverless Application Model (SAM) Resource Specification (@RomainMuller in #594)

    • Property Changes

      • AWS::Serverless::Api MethodSettings (added)

    • Property Type Changes

      • AWS::Serverless::Function.SQSEvent (added)

      • AWS::Serverless::Function.EventSource Properties.Types (changed)

        • Added SQSEvent

0.8.2 - 2018-08-15

Features

  • @aws-cdk/cdk: Tokens can now be transparently embedded into strings and encoded into JSON without losing their semantics. This makes it possible to treat late-bound (deploy-time) values as if they were regular strings (@rix0rrr in #518).
  • @aws-cdk/aws-s3: add support for bucket notifications to Lambda, SNS, and SQS targets (@eladb in #201, #560, #561, #564)
  • @aws-cdk/cdk: non-alphanumeric characters can now be used as construct identifiers (@eladb in #556)
  • @aws-cdk/aws-iam: add support for maxSessionDuration for Roles (@eladb in #545).

Changes

  • @aws-cdk/aws-lambda (BREAKING): most classes renamed to be shorter and more in line with official service naming (Lambda renamed to Function or ommitted) (@eladb in #550)
  • @aws-cdk/aws-codepipeline (BREAKING): move all CodePipeline actions from @aws-cdk/aws-xxx-codepipeline packages into the regular @aws-cdk/aws-xxx service packages (@skinny85 in #459).
  • @aws-cdk/aws-custom-resources (BREAKING): package was removed, and the Custom Resource construct added to the @aws-cdk/aws-cloudformation package (@rix0rrr in #513)

Fixes

  • @aws-cdk/aws-lambda: Lambdas that are triggered by CloudWatch Events now show up in the console, and can only be triggered the indicated Event Rule. BREAKING for middleware writers (as this introduces an API change), but transparent to regular consumers (@eladb in #558)
  • @aws-cdk/aws-codecommit: fix a bug where pollForSourceChanges could not be set to false (@maciejwalkowiak in #534)
  • aws-cdk: don't fail if the ~/.aws/credentials file is missing (@RomainMuller in #541)
  • @aws-cdk/aws-cloudformation: fix a bug in the CodePipeline actions to correctly support TemplateConfiguration (@mindstorms6 in #571).
  • @aws-cdk/aws-cloudformation: fix a bug in the CodePipeline actions to correctly support ParameterOverrides (@mindstorms6 in #574).

Known Issues

  • cdk init will try to init a git repository and fail if no global user.name and user.email have been configured.

0.8.1 - 2018-08-08

Features

  • aws-cdk: Support --profile in command-line toolkit (@rix0rrr in #517)
  • @aws-cdk/cdk: Introduce Default construct id (@rix0rrr in #496)
  • @aws-cdk/aws-lambda: Add LambdaRuntime.DotNetCore21 (@Mortifera in #507)
  • @aws-cdk/runtime-values (BREAKING): rename 'rtv' to 'runtime-values' (@rix0rrr in #494)
  • @aws-cdk/aws-ec2: Combine Connections and DefaultConnections classes (@rix0rrr in #453)
  • @aws-cdk/aws-codebuild: allow buildSpec parameter to take a filename (@rix0rrr in #470)
  • @aws-cdk/aws-cloudformation-codepipeline: add support for CloudFormation CodePipeline actions (@mindstorms6 and @rix0rrr in #525).
  • docs: Improvements to Getting Started (@eladb in #462)
  • docs: Updates to README (@Doug-AWS in #456)
  • docs: Upgraded jsii-pacmak to 0.6.4, which includes "language-native" type names and package coordinates (@RomainMuller in awslabs/jsii#130)

Bug fixes

0.8.0 - 2018-07-31

This is the first public release of the AWS CDK!

0.7.4 - 2018-07-26

Highlights

  • A huge shout-out to our first external contributor, @moofish32, for many valuable improvements to the EC2 VPC construct (@moofish32 in #250).
  • The AWS::CDK::Metadata resource is injected to templates to analyze usage and notify about deprecated modules to improve security. To opt-out, use the switch --no-version-reporting or set version-reporting to false in your cdk.json (@RomainMuller in [#221]).
  • Added capability for bundling local assets (files/directories) and referencing them in CDK constructs. This allows, for example, to define Lambda functions with runtime code in the same project and deploy them using the toolkit (@eladb in #371).
  • Reorganization of CodePipeline actions into separate libraries (@skinny85 in #401 and #402).
  • A new library for CloudWatch Logs (@rix0rrr in #307).

AWS Construct Library

  • BREAKING: All AWS libraries renamed from @aws-cdk/xxx to @aws-cdk/aws-xxx in order to avoid conflicts with framework modules (@RomainMuller in #384).
  • BREAKING: The @aws-cdk/resources module has been removed. Low-level CloudFormation resources (e.g. BucketResource) are now integrated into their respective library under the cloudformation namespace to improves discoverability and organization of the layers (@RomainMuller in #264).

Framework

  • Introducing CDK Assets which are local files or directories that can be "bundled" into CDK constructs and apps. During deployment assets are packaged (i.e. zipped), uploaded to S3 and their deployed location can be referenced in CDK apps via the s3BucketName and s3ObjectKey and s3Url and read permissions can be granted via asset.grantRead(principal) (@eladb in #371)
  • Return dummy values instead of fail synthesis if environmental context (AZs, SSM parameters) doesn't exist in order to support unit tests. When synthesizing through the toolkit, an error will be displayed if the context cannot be found (@eladb in #227)
  • Added construct.addError(msg), addWarning(msg) and addInfo(msg) which will emit messages during synthesis via the toolkit. Errors will fail synthesis (unless --ignore-errors is used), warnings will be displayed and will fail synthesis if --strict is used (@eladb in #227)

Command Line Toolkit

  • The toolkit now injects a special CloudFormation resource AWS::CDK::Metadata to all synthesized templates which includes library versions used in the app. This allows the CDK team to analyze usage and notify users if they use deprecated versions (@RomainMuller in [#221]).
  • Bug fix: Fixed "unknown command: docs" (@RomainMuller in #256)
  • Changed output of cdk list to just print stack names (scripting-compatible). Use cdk ls -l to print full info (@eladb in #380)

AWS EC2

  • BREAKING: Add the ability customize subnet configurations. Subnet allocation was changed to improve IP space efficiency. VpcNetwork instances will need to be replaced (@moofish32 in #250)
  • BREAKING: Renamed Fleet to AutoScalingGroup to align with service terminology (@RomainMuller in #318)

AWS Lambda

  • Supports runtime code via local files or directories through assets (@eladb in #405)
  • Support custom execution role in props (@rix0rrr in #205)
  • Add static metricAllConcurrentExecutions and metricAllUnreservedConcurrentExecutions which returns account/region-level metrics for all functions (@rix0rrr in #379)

AWS CloudWatch

  • Added Metric.grantMetricPutData which grants cloudwatch:PutData to IAM principals (@rix0rrr in #214)
  • Bug fix: Allow text included in dashboard widgets to include characters that require JSON-escaping (@eladb in #406).

AWS CloudWatch Logs (new)

  • A new construct library for AWS CloudWatch Logs with support for log groups, metric filters, and subscription filters (@rix0rrr in #307).

AWS S3

  • Added bucketUrl and urlForObject(key) to BucketRef (@eladb in #370)

AWS CodeBuild

  • Add CloudWatch metrics to BuildProject (@eladb in [#407])

AWS CodePipeline

  • BREAKING: Moved CodeCommit and CodeBuild and LambdaInvoke actions from the CodePipeline library to @aws-cdk/aws-xxx-codepipline modules (@skinny85 in #401 and #402).
  • Added attributes pipelineName and pipelineVersion (@eladb in #408)

Docs

  • fix: add instructions and fix Windows setup (@mpiroc in #320)
  • fix: show emphasis of modified code in code snippets (@eladb in #396)

0.7.3 - 2018-07-09

Highlights

  • Introducing Java support (see the Getting Started documentation topic for instructions on how to set up a Java project).
  • Introduce a new programming model for CloudWatch metrics, alarms and dashboards (see the @aws-cdk/cloudwatch documentation).
  • Multiple documentation improvements (open with cdk docs).

Known Issues

  • Missing instructions for Windows Setup (#138)
  • cdk docs works but a message Unknown command: docs is printed (#256)
  • Java: passing null behaves differently than no arguments. Workaround is to build an empty object (#157)

Changes

  • Introduce Java support (@eladb in #229, #245, #148, #149)
  • Changed the way the beta archive is structured to no longer bundle a pre-installed node_modules directory but rather only a local npm repository. This changes the setup instructions to require y-npm i -g aws-cdk to install the toolkit on the system, which is more inline with the setup experience post-beta (@RomainMuller in #161, #162 and awslabs/jsii#43).
  • CloudWatch (new): introduce a rich programming model for metrics, alarms and dashboards (@rix0rrr in #180, #194)
  • S3 (feature): add support for SSE-S3 encryption (@rix0rrr in #257)
  • Lambda (feature): add support for node.js 8.10 runtime (@RomainMuller in #187)
  • Runtime Values (fix): use allowed characters in SSM parameter name when advertising a runtime value (@eladb in #208)
  • SNS (docs): convert examples in README into compiled code (@rix0rrr in #107)
  • Toolkit (feature): introduce cdk doctor to collect information for diagnostics (@RomainMuller in #177)
  • Toolkit (feature): align AWS credentials behavior to AWS CLI (@RomainMuller in #175)
  • Toolkit (performance): cache default AWS account ID on disk (@eladb in #220)
  • Docs: multiple updates (@Doug-AWS in #142)
  • Docs: improve topic on logical IDs (@eladb in #209)
  • Docs: add support for code snippets in multiple tabs (@eladb in #231)
  • Docs: rewrote the "Getting Started" documentation topic to include step-by-step project setup details instead of using cdk-init. This is in order to improve understanding of how the CDK works when users get started (@eladb in #245)
  • Resource bundler: generate .d.ts (@rix0rrr in #172)

0.7.2 - 2018-06-19

Known issues

  • Windows setup has not been vetted and might be broken - no workaround (#138)
  • If region is not defined, error message is unclear - workaround: make sure to define region when running aws configure (#131)
  • cdk docs opens the index instead of the welcome page - workaround: click on "Welcome" in the sidebar (#129)
  • The runtime values library (@aws-cdk/rtv) is broken (#151)

0.7.1 - 2018-06-15

Framework

  • Two-way IAM policy statement additions have been removed for S3 and SNS, because those services treat resource and identity policies as additive. KMS grants are still added on both resource and identity because KMS requires permissions set from both sides.

Toolkit

  • cdk init interface changed to accept the template name as a positional argument, and the language as an option. A --list option was added to allow listing available templates.
  • cdk-beta-npm is a wrapper to npm that executes commands with a local registry that has the CDK packages available. It should be used instead of npm for subcommands such as npm install.
  • CDK now respects AWS_DEFAULT_REGION environment variable if set.

0.7.0 - 2018-06-13

Framework

  • BREAKING: All CDK packages are non under the scope @aws-cdk (e.g. @aws-cdk/s3).
  • BREAKING: The jsii compiler now configures tsconfig.json to produce definition files (files with a .d.ts extension). This requires updating your existing package.json files types key to replace the .ts extension with a .d.ts extension.
  • Java bindings now include static methods and constants.
  • SecretParameter can be used to load values from the SSM parameter store during deployment and use them as Secrets.
  • Stack is locked for mutations during synthesis to protect against accidental changes in lazy values.
  • An overhaul of documentation updates, edits and improvements.

ACM

  • Fix: cloudFrontDefaultCertificate is mutually exclusive with acmCertificateArn.

CloudFront (new)

  • Added a new construct library for AWS CloudFront.

CodeBuild

  • Added support for specifying environment variables at the container and project levels.

CodePipeline

  • Fix: GitHub action "owner" changed to ThirdParty.
  • Removed all fluent APIs
  • Use "master" as the default branch for Source actions
  • BREAKING: AmazonS3SourceProps - renamed key to bucketKey

Custom Resources

  • BREAKING: Require that Lambda is referenced explicitly when defining a custom resource. SingletonLambda can be used to encapsulate the custom resource's lambda function but only have a single instance of it in the stack.

Events (new)

A new cross-stack programming model is introduced to support CloudWatch Events. Event sources implement onXxx methods for various events that can emitted by that source and event targets implement IEventRuleTarget, so they can be polymorphically added to rules.

const repo = new Repository(stack, 'MyRepo', { repositoryName: 'my-repo' });
const project = new BuildProject(stack, 'MyProject', { source: new CodeCommitSource(repo) });

const topic = new Topic(stack, 'MyTopic');
topic.subscribeEmail('Personal', 'myteam@mycompany.com');

project.onStateChange(topic);

Coverage to all event sources and target will be added in subsequent releases.

Supported targets:

  • codebuild.BuildProject
  • codepipline.Pipeline
  • sns.Topic

Supported sources:

  • CodeBuild: onStateChange, onPhaseChange, onBuildStarted, onBuildFailed, onBuildSucceeded.
  • CodeCommit: onEvent, onStateChange, onReferenceCreated, onReferenceUpdated, onReferenceDeleted, onPullRequestStateChange, onCommentOnPullRequest, onCommentOnCommit, onCommit.
  • CodePipeline: pipeline.onStateChange, stage.onStateChange, action.onStateChange.

IAM

  • Add CanonicalUserPrincipal
  • Add statementCount to PolicyDocumennt.
  • Extended support for FederatedPrincipal.

Lambda

  • Add initialPolicy prop which allows specifying a set of PolicyStatements upon definition.

S3

  • Added support for lifecycle rules
  • Add domainName and dualstackDomainName attributes

Serverless

  • version field of FunctionResource is now optional.

SNS

  • BREAKING: subscribeXxx APIs now do not require a name when possible (for queue, Lambda).
  • Unique SID assigned to resource policy statements.

Toolkit

  • cdk docs opens your browser with the bundled documentation content.
  • cdk init interface changed to specify --lang and --type separately.
  • Plug-in architecture improved.

0.6.0 - 2018-05-16

AWS Construct Libraries

The main theme for this release is the stabilization of our framework APIs and an initial set of AWS Construct Libraries.

Previously, CDK users would normally to program against the @aws-cdk/resources library which included generated classes for all CloudFormation resources. For example, the sqs.QueueResource defined the AWS::SQS::Queue CloudFormation resource.

Starting in 0.6, we recommend that users define their infrastructure using a new set of hand-crafted libraries we refer to as AWS Construct Libraries (we used to call these "Layer 2" or "L2"). These libraries include CDK constructs with rich and powerful object-oriented APIs for defining infrastructure.

For example:

const vpc = new VpcNetwork(this, 'MyVpc');

const fleet = new Fleet(this, 'MyFleet', {
    vpc, instanceType: new InstanceTypePair(InstanceClass.M4, InstanceSize.XLarge),
    machineImage: new AmazonLinuxImage()
});

const clb = new ClassicLoadBalancer(this, 'LB', {
    vpc, internetFacing: true
});

clb.addListener({ externalPort: 80 });
clb.addTarget(fleet);

Synthesizing this stack to the us-east-1 region (which has 6 availability zones) will result in a CloudFormation template that contains 72 resources of 17 different resource types.

Construct initializers now include a name

All constructs in a CDK stack must have a name unique amongst its siblings. Names are used to allocate stack-wide logical IDs for each CloudFormation resource. Prior to this release, the name of the class was implicitly used as a default name for the construct. As much as this was convenient, we realized it was misleading and potentially unsafe, since a change in a class name will result in changes to all logical IDs for all resources created within that tree, and changes to logical IDs result in resource replacement since CloudFormation cannot associate the existing resource with the new resource (this is the purpose of logical IDs in CloudFormation).

Therefore, we decided construct names deserve an explicit and prominent place in our programming model and starting from this release, they have been promoted to the 2nd argument of all initializers.

new MyConstruct(parent, name, props);

New scheme for allocating CloudFormation logical IDs

In order to ensure uniqueness of logical IDs within a stack, we need to reflect the resource's full CDK path within it's logical ID. Prior to this release, logical IDs were a simple concatenation of the path components leading up to the resource. However, this could potentially create unresolvable conflicts ("a/b/c" == "ab/c").

Since logical IDs may only use alphanumeric characters and also restricted in length, we are unable to simply use a delimited path as the logical ID. Instead IDs are allocated by concatenating a human-friendly rendition from the path (components, de-duplicate, trim) with a short MD5 hash of the delimited path:

VPCPrivateSubnet2RouteTable0A19E10E
<-----------human---------><-hash->

One exception to this scheme is resources which are direct children of the Stack. Such resources will use their name as a logical ID (without the hash). This is done to support easier migration from existing CloudFormation templates.

Renaming logical IDs to avoid destruction of resources

If you have CDK stacks deployed with persistent resources such as S3 buckets or DynamoDB tables, you may want to explicitly "rename" the new logical IDs to match your existing resources.

First, make sure you compare the newly synthesized template with any deployed stacks. cdk diff will tell you which resources will be destroyed if you deploy this update:

[-] Destroying MyTable (type: AWS::DynamoDB::Table)
[+] Creating MyTableCD117FA1 (type: AWS::DynamoDB::Table)

In order to avoid this, you can use stack.renameLogical(from, to) as follows. Note that renameLogical must be called before the resource is defined as logical IDs are allocated during initialization:

// must be before defining the table (this instanceof Stack)
this.renameLogical('MyTableCD117FA1', 'MyTable');
new dynamodb.Table(this, 'MyTable', { /* .. */ });

Now, cdk diff should indicate no differences.

All "props" types are now interfaces instead of classes

In order to improve the developer experience, we have changed the way we model construct "Props" and now they are defined as TypeScript interfaces. This has a few implications on how to use them:

In TypeScript, new XxxProps() won't work, you will have to simply assign an object literal:

new Queue(this, 'MyQueue', { visibilityTimeoutSec: 300 });

In Java, you can create a concrete object using a builder:

new Queue(this, "MyQueue", QueueProps.builder()
    .withVisibilityTimeout(300)
    .build());

A design pattern for exporting/importing resources

All AWS constructs implement a common pattern which allows treating resources defined within the current stack and existing resources to be treated via a common interface:

For example, when defining a Pipeline, you can supply an artifacts bucket.

The bucket is defined within the same stack:

const bucket = new Bucket(this, 'MyArtifactsBucket');
new Pipeline(this, 'MyCoolPipeline', { artifactsBucket: bucket });

You can also import a bucket by just specifying its name:

const bucket = Bucket.import({ bucketName: new BucketName('my-bucket') });
new Pipeline(this, 'MyCoolPipeline', { artifactsBucket: bucket });

Or you can export the bucket from another stack and import it:

// some other stack:
const bucket = new Bucket(otherStack, 'MyBucket');
const externalBucket = bucket.export();
// bucketRef contains tokens that allow you to pass it into `import`.

// my stack:
const importedBucket = Bucket.import(this, 'OtherArtifactsBucket', externalBucket);
new Pipeline(this, 'MyCoolPipeline', { artifactsBucket: importedBucket });

Region-aware APIs for working with machine images (AMIs)

The @aws-cdk/ec2 library exposes a new API for region-aware AMI discovery:

const ami = new AmazonLinuxImage({
    edition: AmazonLinuxEdition.Standard, // default
    virtualization: AmazonLinuxVirt.HVM,  // default
    storage: AmazonLinuxStorage.EBS       // default is GeneralPurpose
});

new Fleet(this, 'MyAmazonLinuxFleet', { machineImage: ami, ... });

For Windows:

const ami = new WindowsImage(WindowsVersion.WindowsServer2016EnglishNanoBase);
new Fleet(this, 'MyWindowsFleet', { machineImage: ami, ... });

Or, a mapping utility:

const ami = new GenericLinuxImage({
    'us-east-1': 'ami-62bda218',
    'eu-west-1': 'ami-773acbcc'
});

new Fleet(this, 'MySuseFleet', { machineImage: ami, ... });

A rich programming model for Code Suite services

The @aws-cdk/codebuild, @aws-cdk/codecommit and @aws-cdk/codepipeline construct libraries include rich APIs for defining continuous integration pipelines and builds.

The following code defines a pipeline with a CodeCommit source and CodeBuild build step. The pipeline is created with an artifacts bucket and a role, and least-privilege policy documents are automatically generated.

// define a CodeCommit repository
const repo = new Repository(stack, 'MyRepo', { repositoryName: 'my-repo' });

// define a pipeline with two stages ("source" and "build")
const pipeline  = new Pipeline(stack, 'Pipeline');
const sourceStage = new Stage(pipeline, 'source');
const buildStage  = new Stage(pipeline, 'build');

// associate the source stage with the code commit repository
const source = new codecommit.PipelineSource(sourceStage, 'source', {
    artifactName: 'SourceArtifact',
    repository: repo,
});

// associate the build stage with code build project
new codebuild.PipelineBuildAction(buildStage, 'build', {
    project: new BuildProject(stack, 'MyBuildProject', { source: new CodePipelineSource() },
    source
});

Inline JavaScript Lambda Functions

The @aws-cdk/lambda library includes an InlineJavaScriptLambda construct which makes it very easy to implement simple node.js Lambda functions with code inline in the CDK.

This CDK program defines an S3 Bucket and a Lambda function, and sets all the needed permissions. When the function is invoked, a file named 'myfile.txt' will be uploaded to the bucket with the text "Hello, world". The physical bucket name is passed through via the BUCKET_NAME environment variable.

const bucket = new Bucket(this, 'MyBucket');

const lambda = new InlineJavaScriptLambda(this, 'MyLambda', {
    environment: {
        BUCKET_NAME: bucket.bucketName
    },
    handler: {
        fn: (event: any, context: any, callback: any) => {
            const s3 = new require('aws-sdk').S3();

            const req = {
                Bucket: process.env.BUCKET_NAME,
                Key: 'myfile.txt',
                Body: 'Hello, world'
            };

            return s3.upload(req, (err, data) => {
                if (err) return callback(err);
                console.log(data);
                return callback();
            });
        }
    }
});

// grant the Lambda execution role read/write permissions for the bucket
// this also adds a corresponding bucket resource policy
bucket.grantReadWrite(lambda.role);

Resource and role IAM policies and grants

All AWS constructs now expose APIs for naturally adding statements to their resource or role policies. Constructs may have addToRolePolicy(statement) or addToResourcePolicy(statement) methods, which can be used to mutate the policies associated with a resource.

The statement is a PolicyStatement object with a rich API for producing IAM statements. This is an excerpt from the implementation of topic.subscribeQueue:

queue.addToResourcePolicy(new PolicyStatement()
    .addResource(queue.queueArn)
    .addAction('sqs:SendMessage')
    .addServicePrincipal('sns.amazonaws.com')
    .setCondition('ArnEquals', { 'aws:SourceArn': this.topicArn }));

The S3 bucket construct has a set of "grant" methods (grantRead, grantReadWrite) which accept a principal resource (user, role or group) and an optional key prefix pattern and will render reciprocal IAM permissions, both in the principal's policy and the bucket policy:

const reader = new User(this, 'Reader');
const bucket = new Bucket(this, 'MyBucket');
bucket.grantRead(reader);

Synthesizes to:

Resources:
  ReaderF7BF189D:
    Type: AWS::IAM::User
  ReaderDefaultPolicy151F3818:
    Type: AWS::IAM::Policy
    Properties:
      PolicyDocument:
        Statement:
        - Action: [ "s3:GetObject*", "s3:GetBucket*", "s3:List*" ]
          Effect: Allow
          Resource:
          - { "Fn::GetAtt": [ "MyBucketF68F3FF0", "Arn" ] }
          - { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "MyBucketF68F3FF0", "Arn" ] }, "/", "*" ] ] }
        Version: '2012-10-17'
      PolicyName: ReaderDefaultPolicy151F3818
      Users: [ { "Ref": "ReaderF7BF189D" } ]
  MyBucketF68F3FF0:
    Type: AWS::S3::Bucket
  MyBucketPolicyE7FBAC7B:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: { "Ref": "MyBucketF68F3FF0" }
      PolicyDocument:
        Statement:
        - Action: [ "s3:GetObject*", "s3:GetBucket*", "s3:List*" ]
          Effect: Allow
          Principal:
            AWS: { "Fn::GetAtt": [ "ReaderF7BF189D", "Arn" ] }
          Resource:
          - { "Fn::GetAtt": [ "MyBucketF68F3FF0", "Arn" ] }]
          - { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "MyBucketF68F3FF0", "Arn" ] }, "/", "*" ] ] }
        Version: '2012-10-17'

Security group connections framework

The @aws-cdk/ec2 library includes a rich framework for modeling security group connections between resources such as a fleet, load balancers and databases.

For example, these automatically create appropriate ingress and egress rules in both security groups:

// allow fleet1 top connect to fleet2 on port 80
fleet1.connections.allowTo(fleet2, new TcpPort(80), 'Allow between fleets');

// allow fleet3 to accept connections from a load balancer on ports 60000-65535
fleet3.connections.allowFrom(loadBalancer, new TcpPortRange(60000, 65535), 'Allow from load balancer');

Improvements to attribute classes and tokens

  • Remove the "Attribute" postfix from all generated attribute types. So now, it is QueueArn instead of QueueArnAttribute. "Attribute" postfix from attribute types
  • Simplify the initialization of Token objects (all attribute types are Tokens). They can now be either initialized with a simple value or a lazy function. This means, that now you can write new QueueArn('foo'). This is useful when importing external resources into the stack.

Improvements to the CDK Toolkit

The toolkit now outputs YAML instead of JSON by default.

Added active progress reporting for stack updates.

The diff output has been dramatically improved and provides a structure-aware diff. For example:

[~] Updating TableCD117FA1 (type: AWS::DynamoDB::Table)
        .ProvisionedThroughput:
            .WriteCapacityUnits: 10
    Creating MyQueueE6CA6235 (type: AWS::SQS::Queue)

Library for unit and integration testing

The CDK is now shipped with a library called @aws-cdk/assert which aims to make it easy to write unit and integration tests for CDK libraries and apps. The library leverages the same powerful template diff mechanism used in the toolkit to print rich descriptions.

import { expect } from '@aws-cdk/assert';

const stack = new Stack();
new Queue(stack, 'MyQueue', { visibilityTimeout: 300 });

expect(stack).to(haveResource('AWS::SQS::Queue', { VisibilityTimeout: 300 }));
expect(stack).to(countResources('AWS::SQS::Queue', 1));
expect(stack).toMatch({
    Resources: {
        MyQueue: {
            Type: 'AWS::SQS::Queue',
            Properties: {
                VisibilityTimeout: 300
            }
        }
    }
});

An initial integration testing utility is now available to allow users to implement manually executed CDK integration tests and ensure they are kept up-to-date if the code changes. This is an initial approach until we have a great way to automatically execute them during CI/CD.

Updates to the IAM policy library

The APIs in the IAM policy library have been improved and now provide a richer and more strongly-typed experience.

A class hierarchy around PolicyPrincipal was created to reflect the various principals available: AccountPrincipal, ServicePrincipal, ArnPrincipal, AccountRootPrincipal.

The Arn type now has the ability to format and parse to/from its components:

Arn.fromComponents({
    service: 'dynamodb',
    resource: 'table',
    account: '123456789012',
    region: 'us-east-1',
    partition: 'aws-cn',
    resourceName: 'mytable/stream/label'
});

// and
const bucketArn = Arn.parse('arn:aws:s3:::my_corporate_bucket')
// bucketArn === { partition: 'aws', service: 's3', resource: 'my_corporate_bucket' }

The Permission class was renamed to PolicyStatement and enriched with more strongly typed APIs.

A new library for defining custom CloudFormation resources

A library to facilitate the definition of custom CloudFormation resources and exposing them as regular CDK constructs is now shipped with the CDK.

0.5.0 - 2018-03-29

AWS Resource Constructs (L1)

  • All CloudFormation resource constructs are now available from the @aws-cdk/resources package under their dedicated AWS service's namespace. we have been calling these resource constructs Layer 1 (or "L1 constructs").
  • All resource constructs now have the Resource suffix (TableResource instead of Table). This helps differentiate them from the rich AWS constructs we are also introducing in this release.
  • The CloudFormation resource property "Name" is now called "xxxName" (where "xxx" is the name of the resource, like "queue") instead of "resourceName".
  • Updated resources based on the latest CloudFormation resource specification.

Before:

import { Pipeline } from '@aws-cdk/codepipeline';

new Pipeline(this, {
    resourceName: 'MyPipelineName'
});

After:

import { codepipeline } from '@aws-cdk/resources';

new codepipeline.PipelineResource(this, {
    pipelineName: 'MyPipelineName'
});

Framework

  • Introducing CDK Applets which allow instantiating specific CDK stacks using a declarative YAML syntax.
  • As a first step to enable diagnostics features in the toolkit, record logical ID (and stack trace) in metadata for stack elements.
  • Introduce a new scheme for generating CloudFormation logical IDs which adds a hash of the construct path to the generated ID to avoid ID collisions. To opt-in for the new scheme, set hashedLogicalIDs to true when creating a Stack.
  • Allow specifying explicit logicalID for stack elements like Resource Parameter and Output.
  • async exec() changed to run() and validate was changed to be a synchronous method instead of async.
  • Merged @aws-cdk/core into aws-cdk, which now where the core classes of the CDK framework live.
  • The Runtime Values library, which was under @aws-cdk/rtv is now @aws-cdk/rtv.
  • Bugfix: Tags could not be used because they failed validation.
  • Bugfix: Allow "-" in stack names.

Toolkit

  • The toolkit is now called CDK Toolkit instead of "cx Toolkit". This means that the cx command-command line program is now called cdk.
  • Added support large CloudFormation templates using a "toolkit stack" which contains an S3 bucket. This approach may be extended to provide other environment-related facilities in the future and requires that users "bootstrap" the toolkit stack into their environments. The current behavior will not require this stack unless you are trying to deploy a large template.
  • It is now possible to synthesize all stacks into a directory.
  • Allow using globs in cdk deploy to select multiple stacks.
  • Default account ID lookup result is now cached.
  • Better error messages.
  • Improve deploy output.
  • Bugfix: Better error message when the app has no stacks.
  • Bugfix: Distinguish actual "stack missing" from "no credentials".
  • Bugfix: Delete stack in unrecoverable state.
  • Bugfix: Fix an issue where 'deploy' fails because subsequent invocations use the same argument array.
  • Bugfix: prevent crash if ~/.aws/config doesn't exist.

Documentation and Examples

  • Implemented a few advanced examples These examples show how to use IAM policies, environmental context, template inclusion, nested stacks, resource references and using various CloudFormation semantics in the CDK

0.4.0 - 2018-03-05

New Features

  • Environments - this version extends the fidelity of a CDK deployment target from only region to region + account, also referred to as an environment. This allows modeling complete apps that span multiple accounts/regions. To preserve the current behavior, if region/account is not specified, the CDK will default to the AWS SDK region/credential provider chain (~/.aws/config). We will add support for AWS SDK Profiles in a future release. See the Environments section of the CDK README for details).
  • Environmental Context (such as availability zones and SSM parameters) - there are use-cases where CDK stacks need to consult with account and region-specific information when they are synthesized (we call this information "environmental context"). For example, the set of supported availability zones is specific to account and region; the specific ID of certain public AMIs (Amazon Machine Image IDs) as published to the SSM parameter store is specific to each region. See the Environmental Context section in the CDK README for details .
  • Runtime Values - a new mechanism for advertising values such as resource attributes and constants from construction-time to runtime code via the SSM parameter store. See the Runtime Values section in the CDK README for details.
  • Construct Validation - it is now possible to implement a method validate(): string[] for any construct at any layer. Validation methods are all executed before a stack is synthesized and provide an opportunity for constructs to implement validation logic. See the Construct Validation section in the CDK README for details.
  • User-specific cx.json - the toolkit will now incorporate settings from ~/.cx.json. This allows users to supply user-specific settings. Note this file is applied before the project-specific cx.json file is applied.
  • IAM Library Improvements - allow creating IAM documents with a base document, a new class AssumeRolePolicyDocument, allow specifying multiple actions when creating a Permission ob object.
  • stack.findResource(logicalId) - allows retriving a resource object from a stack based on it's calculated logical ID.
  • Windows AMIs are read from SSM parameter store.

Bug Fixes

  • cx Toolkit returns a non-zero exit code when an error occurs.
  • Retain original names of CloudFormation properties instead of auto-capitalizing based on heuristics, which caused some unexpected behavior in certain scenarios.
  • CAPABILITY_NAMED_IAM was added to "cx deploy" by default.

0.3.0 - 2018-01-30

Highlights

  • Java support:
class HelloJavaStack extends Stack {
    public HelloJavaStack(final Construct parent, final StackProps props) {
        super(parent, props);

        VpcNetwork vpc = new VpcNetwork(this);

        new Fleet(this, new FleetProps()
                .withVpcSubnetwork(vpc.getPrivateSubnetwork())
                .withInstanceType(new InstanceType("t2.micro"))
                .withMachineImage(new WindowsMachineImage(0)));
    }
}

  • cx Toolkit now supports standard AWS credentials.

  • CloudFormation pseudo parameters and intrinsic functions are now implemented as normal classes (AwsRegion, AwsStackId, FnConcat) instead of static methods. We might introduce functional sugar at a later stage, but at the lower-level, we want to represent both intrinsic functions and pseudo parameters as classes so we can model their relationship more accurately. For example, all pseudo parameters extend PseudoParameter, all functions extends the Fn, all condition functions extend FnCondition, etc.

Before:

Fn.if_(Fn.equals(param.ref, 'True'), 'Encrypted', Pseudo.NO_VALUE)

After:

new FnIf(Fn.equals(param.ref, 'True'), 'Encrypted', new AwsNoValue())
  • CloudFormation template options (templateFormatVersion, description and transform) are now grouped under Stack.templateOptions instead of directly under Stack.

Before:

stack.description = 'This is my awesome template'

After:

stack.templateOptions.description = 'This is my awesome template'

Known Issues

  • Stack names are limited to alphanumeric characters, so it won't be possible to set stack names to match existing deployed stacks. As a workaround you can use cx --rename to specify the actual stack name to use for diff or deploy. Thanks rmuller@ for reporting.
  • When synthesizing templates, we transform all JSON keys to pascal case to conform with CloudFormation standards, but this also affects JSON blobs that are not CloudFormation such as IAM documents or environment variables.

Non-breaking Changes

  • Added support for CloudFormation Rules.
  • Cloud Executable Interface (CXI): changed semantics from "construct" to "synthesize" (backwards compatible).
  • Tokens: improve error reporting when unable to resolve tokens.

0.2.0 - 2017-12-07

Highlights

Construct Names

  • The initializer signature for constructs has changed and is now: new Construct(parent[, props]), where props is may include an optional name property ("id" is now called "name").
  • If name is not specified, the type name is used as the name. This will only be allowed when there is a single construct of a certain type under a parent.
  • If a parent has more than a single child of the same type, all children must have an explicit names to avoid ambiguity when generating CloudFormation logical IDs.
  • JSX support updated to use name instead of id when producing construct trees.

Before:

new BeautifulConstruct(this, 'MyBeautifulConstruct', { ...props })

After:

new BeautifulConstruct(this) // use defaults
new BeautifulConstruct(this, { ...props })
// or
new BeautifulConstruct(this, { name: 'MyBeautifulConstruct', ...props })

Resource Attribute Types

  • CloudFormation resource attribute properties now return a specialized type per attribute. For example, the sqs.queueArn property returns a QueueArnAttribute object instead of a Token.
  • The Attribute and ArnAttribute classes extend Token and used as base classes for attribute types.
  • Resource names are now added as a prefix to attribute properties (queueArn instead of arn). This is required for future support for duck-typing and polymorphic use of resources of multiple types via a single container.

Before:

const t = new aws.dynamodb.Table(this);
assert(t.arn instanceof Token);

After:

const t = new aws.dynamodb.Table(this);
assert(t.tableArn instanceOf TableArnAttribute);
assert(t.tableArn instanceOf ArnAttribute);
assert(t.tableArn instanceOf Token);

Construct Metadata

  • Constructs can now have metadata entries attached to them via addMetadata(type,data).
  • Each entry will also include the stack trace from which the entry was added, which will later be used to improve the diagnosability of deployment errors.
  • Stack metadata can be obtained using cx-Toolkit via cx metadata.
  • construct.addWarning(msg) attaches a "warning" metadata entry to a construct, which is displayed as a warning when synthesizing or deploying the stack.
  • cx-Toolkit will show warnings upon synthesis also supports --strict mode which will refuse to deploy stacks with warnings.

Example:

const c = new Construct(this);
c.addWarning('this is a warning');
c.addMetadata('type', 'data');
$ cx metadata
{
  "/Stack/Construct": [
    {
      "type": "type",
      "data": "data",
      "trace": [ ... ]
    },
    {
      "type": "warning",
      "data": "this is a warning",
      "trace": [ ... ]
    }
  ]
}
$ cx synth
Warning: this is a warning (at /Stack/Construct)
...

Resource Enrichments

  • Replaced topic.subscribeToXxx with topic.subscribe(target) where target is anything that adheres to the SubscriptionTarget interface (technically it's an abstract class because jsii doesn't support interfaces yet).
  • Removed function.addExecutionRole() - an execution role is automatically created when invoking function.addPermission(p).

Tokens

  • The evaluate method is now called resolve.

CX Toolkit Usability Improvements

  • If an app contains a single stack, no need to specify the stack name.
  • synth --interactive (or synth --interactive --verbose) now displays real-time updates of a template's contents. Really nice for fast iteration;
  • The toolkit now reads cx.json for default arguments. Very useful, for example, to remove the need to specify --app in every invocation.