fix(deps): update dependency aws-cdk-lib to v2.80.0 [security]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
aws-cdk-lib	`2.59.0` -> `2.80.0`

GitHub Vulnerability Alerts

CVE-2023-35165

If you are using the eks.Cluster or eks.FargateCluster construct we need you to take action. Other users are not affected and can stop reading.

Impact

The AWS Cloud Development Kit (CDK) allows for the definition of Amazon Elastic Container Service for Kubernetes (EKS) clusters. eks.Cluster and eks.FargateCluster constructs create two roles that have an overly permissive trust policy.

The first, referred to as the CreationRole, is used by lambda handlers to create the cluster and deploy Kubernetes resources (e.g KubernetesManifest, HelmChart, ...) onto it. Users with CDK version higher or equal to 1.62.0 (including v2 users) will be affected.

The second, referred to as the default MastersRole, is provisioned only if the mastersRole property isn't provided and has permissions to execute kubectl commands on the cluster. Users with CDK version higher or equal to 1.57.0 (including v2 users) will be affected.

Both these roles use the account root principal in their trust policy, which allows any identity in the account with the appropriate sts:AssumeRolepermissions to assume it. For example, this can happen if another role in your account has sts:AssumeRole permissions on Resource: "*".

CreationRole

Users with CDK version higher or equal to 1.62.0 (including v2 users). The role in question can be located in the IAM console. It will have the following name pattern:

*-ClusterCreationRole-*

MastersRole

Users with CDK version higher or equal to 1.57.0 (including v2 users) that are not specifying the mastersRole property. The role in question can be located in the IAM console. It will have the following name pattern:

*-MastersRole-*

Patches

The issue has been fixed in versions v1.202.0, v2.80.0. We recommend you upgrade to a fixed version as soon as possible. See Managing Dependencies in the CDK Developer Guide for instructions on how to do this.

The new versions no longer use the account root principal. Instead, they restrict the trust policy to the specific roles of lambda handlers that need it. This introduces some breaking changes that might require you to perform code changes. Refer to https://github.com/aws/aws-cdk/issues/25674 for a detailed discussion of options.

Workarounds

CreationRole

There is no workaround available for CreationRole.

MastersRole

To avoid creating the default MastersRole, use the mastersRole property to explicitly provide a role. For example:

new eks.Cluster(this, 'Cluster', { 
  ... 
  mastersRole: iam.Role.fromRoleArn(this, 'Admin', 'arn:aws:iam::xxx:role/Admin') 
});

References

https://github.com/aws/aws-cdk/issues/25674

If you have any questions or comments about this advisory we ask that you contact AWS/Amazon Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

Release Notes

aws/aws-cdk (aws-cdk-lib)

### [`v2.80.0`](https://togithub.com/aws/aws-cdk/releases/tag/v2.80.0) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.79.1...v2.80.0) ##### ⚠ BREAKING CHANGES - **eks:** A masters role is no longer provisioned by default. Use the `mastersRole` property to explicitly pass a role that needs cluster access. In addition, the creation role no longer allows any identity (with the appropriate `sts:AssumeRole` permissions) to assume it. ##### Features - **apigateway:** add grantExecute to API Methods ([#25630](https://togithub.com/aws/aws-cdk/issues/25630)) ([ecb59fd](https://togithub.com/aws/aws-cdk/commit/ecb59fda50078e29d579b7b0ee82600f553aec75)) - **appmesh:** access log format support for app mesh ([#25229](https://togithub.com/aws/aws-cdk/issues/25229)) ([c4b00be](https://togithub.com/aws/aws-cdk/commit/c4b00bee9a2ada024c8d838ba083549bc69889f8)) - **appsync:** Add Private API support when creating a GraphqlApi ([#25569](https://togithub.com/aws/aws-cdk/issues/25569)) ([d7e263d](https://togithub.com/aws/aws-cdk/commit/d7e263d5d175f5f189f3ea3d1a5501b975a26281)) - **cfnspec:** cloudformation spec v122.0.0 ([#25555](https://togithub.com/aws/aws-cdk/issues/25555)) ([5ccc569](https://togithub.com/aws/aws-cdk/commit/5ccc56975c323ea19fd0917def51184e13f440d9)) - **cli:** assets can now depend on stacks ([#25536](https://togithub.com/aws/aws-cdk/issues/25536)) ([25d5d60](https://togithub.com/aws/aws-cdk/commit/25d5d60fd0ed852b1817d749b65c68d5279b38a3)) - **cli:** logging can be corked ([#25644](https://togithub.com/aws/aws-cdk/issues/25644)) ([0643020](https://togithub.com/aws/aws-cdk/commit/064302007e902a1521ccc6948a5691cd777afc15)), closes [#25536](https://togithub.com/aws/aws-cdk/issues/25536) - **codepipeline-actions:** add KMSEncryptionKeyARN for S3DeployAction ([#24536](https://togithub.com/aws/aws-cdk/issues/24536)) ([b60876f](https://togithub.com/aws/aws-cdk/commit/b60876f7bd973f88e965c7e6204ced11c55c55a3)), closes [#24535](https://togithub.com/aws/aws-cdk/issues/24535) - **eks:** alb controller include versions 2.4.2 - 2.5.1 ([#25330](https://togithub.com/aws/aws-cdk/issues/25330)) ([83c4c36](https://togithub.com/aws/aws-cdk/commit/83c4c36e56917be248bdee1bc11516982d50b17a)), closes [#25307](https://togithub.com/aws/aws-cdk/issues/25307) - **msk:** Kafka version 3.4.0 ([#25557](https://togithub.com/aws/aws-cdk/issues/25557)) ([6317518](https://togithub.com/aws/aws-cdk/commit/6317518e5d68e5659237b676668fd69bfbd2f42f)), closes [#25522](https://togithub.com/aws/aws-cdk/issues/25522) - **scheduler:** schedule expression construct ([#25422](https://togithub.com/aws/aws-cdk/issues/25422)) ([97a698e](https://togithub.com/aws/aws-cdk/commit/97a698ee9e1e47ffb4af5d7d06cd309ddd3a2732)) ##### Bug Fixes - **bootstrap:** bootstrap doesn't work in non-aws partitions anymore (revert security hub finding fix) ([#25540](https://togithub.com/aws/aws-cdk/issues/25540)) ([8854739](https://togithub.com/aws/aws-cdk/commit/8854739a6b4cdd33dc0da3b76b634b5ab151437b)), closes [/github.com/aws/aws-cdk/issues/19380#issuecomment-1512009270](https://togithub.com/aws//github.com/aws/aws-cdk/issues/19380/issues/issuecomment-1512009270) [#25272](https://togithub.com/aws/aws-cdk/issues/25272) [#25273](https://togithub.com/aws/aws-cdk/issues/25273) [#25507](https://togithub.com/aws/aws-cdk/issues/25507) - **eks:** overly permissive trust policies ([#25473](https://togithub.com/aws/aws-cdk/issues/25473)) ([51f0193](https://togithub.com/aws/aws-cdk/commit/51f0193bf34cca8254743561a1176e3ca5d83a74)). We would like to thank [@twelvemo](https://togithub.com/twelvemo) and [@stefreak](https://togithub.com/stefreak) for reporting this issue. *** #### Alpha modules (2.80.0-alpha.0) ### [`v2.79.1`](https://togithub.com/aws/aws-cdk/releases/tag/v2.79.1) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.79.0...v2.79.1) ##### Bug Fixes - **bootstrap:** bootstrap doesn't work in non-aws partitions anymore (revert security hub finding fix) ([#25272](https://togithub.com/aws/aws-cdk/issues/25272)) ([4c4014e](https://togithub.com/aws/aws-cdk/commit/4c4014e0bd3fa90402cfc22971f1cbe5d372642f)) *** #### Alpha modules (2.79.1-alpha.0) ### [`v2.79.0`](https://togithub.com/aws/aws-cdk/releases/tag/v2.79.0) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.78.0...v2.79.0) ##### Features - **cfnspec:** cloudformation spec v121.0 ([#25499](https://togithub.com/aws/aws-cdk/issues/25499)) ([c2ef657](https://togithub.com/aws/aws-cdk/commit/c2ef6571b7971384a60866b14371f204d30756cd)) - **ecr:** grantRead on repositories ([#25445](https://togithub.com/aws/aws-cdk/issues/25445)) ([ce7bdea](https://togithub.com/aws/aws-cdk/commit/ce7bdea1d1b79de517b2b7ff6d4d73212f8a84c3)) - **logs:** support DataProtectionPolicy in LogGroup construct ([#23402](https://togithub.com/aws/aws-cdk/issues/23402)) ([ed3962a](https://togithub.com/aws/aws-cdk/commit/ed3962af3a7e532d9a4d16fadb5f472dd065b43f)), closes [#23399](https://togithub.com/aws/aws-cdk/issues/23399) ##### Bug Fixes - **batch:** JobDefinition's ContainerDefinition's Image is synthesized with `[Object object]` ([#25466](https://togithub.com/aws/aws-cdk/issues/25466)) ([b3d0d57](https://togithub.com/aws/aws-cdk/commit/b3d0d570fe02e124f4497e35eb87c96c0eb8a1d5)), closes [#25250](https://togithub.com/aws/aws-cdk/issues/25250) - **cfn2ts:** doesn't handle property types with the same type as a primitive type ([#25460](https://togithub.com/aws/aws-cdk/issues/25460)) ([b76c182](https://togithub.com/aws/aws-cdk/commit/b76c18287ce452f5b5d27af68028e9f6b47d67b5)), closes [aws-cdk/cfnspec/spec-source/specification/000\_cfn/000\_official/000\_AWS_IoT.json#L1437-L1442](https://togithub.com/aws-cdk/cfnspec/spec-source/specification/000\_cfn/000\_official/000\_AWS_IoT.json/issues/L1437-L1442) [aws-cdk/cfnspec/spec-source/specification/000\_cfn/000\_official/000\_AWS_IoT.json#L1727-L1742](https://togithub.com/aws-cdk/cfnspec/spec-source/specification/000\_cfn/000\_official/000\_AWS_IoT.json/issues/L1727-L1742) [#22732](https://togithub.com/aws/aws-cdk/issues/22732) - **core:** crossRegionReferences don't work across multiple regions ([#25384](https://togithub.com/aws/aws-cdk/issues/25384)) ([65265e1](https://togithub.com/aws/aws-cdk/commit/65265e1297f47a5e8e85ade620095c5af1082290)), closes [#25190](https://togithub.com/aws/aws-cdk/issues/25190) [#25377](https://togithub.com/aws/aws-cdk/issues/25377) - **dynamodb:** fix hardcoded partition in replica-provider IAM policy ([#25428](https://togithub.com/aws/aws-cdk/issues/25428)) ([b5b4f66](https://togithub.com/aws/aws-cdk/commit/b5b4f66396cdc1fae3887f82509d30c4c4c6f6d4)), closes [#25407](https://togithub.com/aws/aws-cdk/issues/25407) - **elasticloadbalancingv2:** ALB auth return internal server error ([#24510](https://togithub.com/aws/aws-cdk/issues/24510)) ([75212eb](https://togithub.com/aws/aws-cdk/commit/75212ebc7a30d822097223ea39a0d58da6fe8d43)), closes [#21939](https://togithub.com/aws/aws-cdk/issues/21939) [#19035](https://togithub.com/aws/aws-cdk/issues/19035) [#18944](https://togithub.com/aws/aws-cdk/issues/18944) - **servicecatalogappregistry:** Revert deprecated method removing PR to keep deprecated method in alpha version ([#25454](https://togithub.com/aws/aws-cdk/issues/25454)) ([b20b1f2](https://togithub.com/aws/aws-cdk/commit/b20b1f231e12007e7d064cdc4f0c9dc7354827a3)) *** #### Alpha modules (2.79.0-alpha.0) ##### Bug Fixes - **servicecatalogappregistry:** Revert deprecated method to keep deprecated method in alpha version ([b20b123](https://togithub.com/aws/aws-cdk/commit/b20b1f231e12007e7d064cdc4f0c9dc7354827a3)) - **batch:** JobDefinition's ContainerDefinition's Image is synthesized with `[Object object]` ([#25250](https://togithub.com/aws/aws-cdk/issues/25250)) ([b3d0d57](https://togithub.com/aws/aws-cdk/commit/b3d0d570fe02e124f4497e35eb87c96c0eb8a1d5)) ### [`v2.78.0`](https://togithub.com/aws/aws-cdk/releases/tag/v2.78.0) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.77.0...v2.78.0) ##### Features - **appsync:** L2 construct for EventBridge DataSource. ([#25369](https://togithub.com/aws/aws-cdk/issues/25369)) ([a0ad49d](https://togithub.com/aws/aws-cdk/commit/a0ad49df7b2536d800b4890ae0116e6ce26e6c55)), closes [#24809](https://togithub.com/aws/aws-cdk/issues/24809) - **cfnspec:** cloudformation spec v120.0.0 ([#25354](https://togithub.com/aws/aws-cdk/issues/25354)) ([9096602](https://togithub.com/aws/aws-cdk/commit/9096602385ef9ed84b27b54aab7b0b5a448706ce)) - **codebuild:** add support for `aws/codebuild/amazonlinux2-aarch64-standard:3.0` ([#25351](https://togithub.com/aws/aws-cdk/issues/25351)) ([0d187c1](https://togithub.com/aws/aws-cdk/commit/0d187c1ef337d5a46c47c018dc85e43de897f095)), closes [#25334](https://togithub.com/aws/aws-cdk/issues/25334) - **ec2:** Prefixlist Constructs ([#25252](https://togithub.com/aws/aws-cdk/issues/25252)) ([b2dfac0](https://togithub.com/aws/aws-cdk/commit/b2dfac09ebbd1302ec0236e4710ca9fef6b34274)), closes [#24714](https://togithub.com/aws/aws-cdk/issues/24714) - **ec2:** restrict access to default security group (under feature flag) ([#25297](https://togithub.com/aws/aws-cdk/issues/25297)) ([d8272ef](https://togithub.com/aws/aws-cdk/commit/d8272ef30d64777f54a7a283caf49b1dc67be927)), closes [/docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-2](https://togithub.com/aws//docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html/issues/ec2-2) [#19394](https://togithub.com/aws/aws-cdk/issues/19394) - **events:** Validate events rule name ([#25366](https://togithub.com/aws/aws-cdk/issues/25366)) ([5bdb012](https://togithub.com/aws/aws-cdk/commit/5bdb0128e8181cd3a33a118a1f121f67b0f78b20)), closes [#25352](https://togithub.com/aws/aws-cdk/issues/25352) - **rds:** add missing PerformanceInsightRetention options ([#25347](https://togithub.com/aws/aws-cdk/issues/25347)) ([1dbae20](https://togithub.com/aws/aws-cdk/commit/1dbae20bdc633ce580cab8f758a43bfba763c4f6)) ##### Bug Fixes - **api-gateway:** add validation to `variables` property on `Stage` resource ([#25267](https://togithub.com/aws/aws-cdk/issues/25267)) ([04427e3](https://togithub.com/aws/aws-cdk/commit/04427e37b8da8c6cc9d360edd66093c2a63e19fe)), closes [#3635](https://togithub.com/aws/aws-cdk/issues/3635) - **apigateway:** cannot use requestValidatorOptions multiple times (under feature flag) ([#25324](https://togithub.com/aws/aws-cdk/issues/25324)) ([2a49fd1](https://togithub.com/aws/aws-cdk/commit/2a49fd1703c4eda9497cc5d5061372a1466d1ab0)), closes [#7613](https://togithub.com/aws/aws-cdk/issues/7613) - **batch:** `ManagedEc2EcsComputeEnvironment` instance role missing managed policy ([#25279](https://togithub.com/aws/aws-cdk/issues/25279)) ([c81d115](https://togithub.com/aws/aws-cdk/commit/c81d115955dbb27ce873ed7c9d71cc0dc8eacf99)), closes [#25256](https://togithub.com/aws/aws-cdk/issues/25256) - **batch:** JobQueue uses wrong id for underlying CfnJobQueue ([#25269](https://togithub.com/aws/aws-cdk/issues/25269)) ([4cbb790](https://togithub.com/aws/aws-cdk/commit/4cbb7905d0419eb763e25b1d6de574b35ab60bc9)), closes [#25248](https://togithub.com/aws/aws-cdk/issues/25248) - **core:** output folder checksum is computed unnecessarily ([#25392](https://togithub.com/aws/aws-cdk/issues/25392)) ([f2294ba](https://togithub.com/aws/aws-cdk/commit/f2294ba5d17b31895267a672dcc7ec457cc779c7)) - **ecs:** Allow scheduling DAEMON services even if no EC2 capacity attached to cluster ([#25306](https://togithub.com/aws/aws-cdk/issues/25306)) ([#25328](https://togithub.com/aws/aws-cdk/issues/25328)) ([96bb8ce](https://togithub.com/aws/aws-cdk/commit/96bb8ce6b3a45daf47d4d4dbf91fd6b69988bb7b)) - **elasticloadbalancingv2:** the bucket policy for ELB access logging is too permissive ([#25345](https://togithub.com/aws/aws-cdk/issues/25345)) ([748e685](https://togithub.com/aws/aws-cdk/commit/748e6859ccab999e66768d40d34fef93884453ea)), closes [/docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-6](https://togithub.com/aws//docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html/issues/s3-6) - **iam:** Role.fromRoleName fails on AWS created roles ([#25389](https://togithub.com/aws/aws-cdk/issues/25389)) ([4c9ce9b](https://togithub.com/aws/aws-cdk/commit/4c9ce9b6aa88306feeac6ffb71c1342d8acf4349)) - **integ-tests:** allow multiple AwsApiCalls with the same action and different parameters ([#25241](https://togithub.com/aws/aws-cdk/issues/25241)) ([75967e1](https://togithub.com/aws/aws-cdk/commit/75967e17b8ce3a9d1e0068a3aa210abb247191e6)), closes [#25014](https://togithub.com/aws/aws-cdk/issues/25014) - **s3-deployment:** doesn't work in ADC regions ([#25363](https://togithub.com/aws/aws-cdk/issues/25363)) ([432af34](https://togithub.com/aws/aws-cdk/commit/432af347772fb3bf0f51aae07f4deb0aeec55d81)) - dns-validated-cert cr doesn't use node16 ([#25348](https://togithub.com/aws/aws-cdk/issues/25348)) ([ad71026](https://togithub.com/aws/aws-cdk/commit/ad7102683be92ab8d5ab985d34b2203921ab061b)), closes [#25335](https://togithub.com/aws/aws-cdk/issues/25335) *** #### Alpha modules (2.78.0-alpha.0) ### [`v2.77.0`](https://togithub.com/aws/aws-cdk/releases/tag/v2.77.0) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.76.0...v2.77.0) ##### Features - **custom-resource:** upgrade builtin custom resource runtime version to Node 16 ([#24916](https://togithub.com/aws/aws-cdk/issues/24916)) ([6f7c4b5](https://togithub.com/aws/aws-cdk/commit/6f7c4b595d4281a9f9bf19796d8d5ffa08c9d5e3)) - **custom-resource:** expose removalPolicy ([#25235](https://togithub.com/aws/aws-cdk/issues/25235)) ([79881c5](https://togithub.com/aws/aws-cdk/commit/79881c510abef0bab2c713c36e291246b7892756)), closes [#25220](https://togithub.com/aws/aws-cdk/issues/25220) - **ecs-patterns:** Tagging support for scheduled tasks ([#25222](https://togithub.com/aws/aws-cdk/issues/25222)) ([6da4eba](https://togithub.com/aws/aws-cdk/commit/6da4ebae60f6a770325d5913f1c95d8557137573)), closes [#23838](https://togithub.com/aws/aws-cdk/issues/23838) [#25106](https://togithub.com/aws/aws-cdk/issues/25106) - **eks:** support for Kubernetes version 1.26 ([#25088](https://togithub.com/aws/aws-cdk/issues/25088)) ([792e3f2](https://togithub.com/aws/aws-cdk/commit/792e3f2edeccbc8983ec95f4f31a433181619dee)), closes [#25087](https://togithub.com/aws/aws-cdk/issues/25087) - **lambda:** Java 17 runtime ([#25240](https://togithub.com/aws/aws-cdk/issues/25240)) ([5573025](https://togithub.com/aws/aws-cdk/commit/5573025f89359d46fd2878be49ce09b52854b6fd)) - **lambda-event-sources:** Add eventsourceMappingArn to IEventSourceMapping ([#24991](https://togithub.com/aws/aws-cdk/issues/24991)) ([ecd7374](https://togithub.com/aws/aws-cdk/commit/ecd737405f27a06a17400a1f6164c14a869a2f2d)), closes [#24801](https://togithub.com/aws/aws-cdk/issues/24801) - **pipelines:** added logging as option for codeBuildDefaults prop on CodePipeline construct ([#25266](https://togithub.com/aws/aws-cdk/issues/25266)) ([d479b4d](https://togithub.com/aws/aws-cdk/commit/d479b4d719cae06a7972daa7ba923029c60890ae)), closes [#22045](https://togithub.com/aws/aws-cdk/issues/22045) [#22045](https://togithub.com/aws/aws-cdk/issues/22045) - **s3-deployment:** implement new signContent option ([#24713](https://togithub.com/aws/aws-cdk/issues/24713)) ([5a836cb](https://togithub.com/aws/aws-cdk/commit/5a836cb6a889dd39b0b2bb897de7ebd7760f0213)), closes [#24711](https://togithub.com/aws/aws-cdk/issues/24711) - **stepfunctions-tasks:** add elasticmapreduce:AddTags permission for EmrCreateCluster state with tags ([#24856](https://togithub.com/aws/aws-cdk/issues/24856)) ([81beab3](https://togithub.com/aws/aws-cdk/commit/81beab32da9796772cfaebca89ca21dac59e3419)), closes [#24842](https://togithub.com/aws/aws-cdk/issues/24842) ##### Bug Fixes - **cli:** diff doesn't display paths for removed resources ([#25294](https://togithub.com/aws/aws-cdk/issues/25294)) ([9bf63ed](https://togithub.com/aws/aws-cdk/commit/9bf63ede8ac41605b904e13a1b645e592076a3d5)) - **pipelines:** CodeBuild Action role can be assumed by too many identities ([#25316](https://togithub.com/aws/aws-cdk/issues/25316)) ([90cb79f](https://togithub.com/aws/aws-cdk/commit/90cb79f29523997e5430f67755e718b457ebcb1c)) - log buckets don't have acls enabled ([#25303](https://togithub.com/aws/aws-cdk/issues/25303)) ([0e9440b](https://togithub.com/aws/aws-cdk/commit/0e9440bfc218516e354855285ab6ab535398e800)), closes [#25288](https://togithub.com/aws/aws-cdk/issues/25288) - **apigatewayv2:** does not work in non-aws partition ([#25284](https://togithub.com/aws/aws-cdk/issues/25284)) ([706dc89](https://togithub.com/aws/aws-cdk/commit/706dc8962e55af4501e038096cdd7e6362d75d03)) - **appmesh:** add missing `port` property ([#25112](https://togithub.com/aws/aws-cdk/issues/25112)) ([925c9ba](https://togithub.com/aws/aws-cdk/commit/925c9ba66fc802161ffe159b48b564c6d1e6f816)), closes [#22452](https://togithub.com/aws/aws-cdk/issues/22452) - **backup:** `BackupVault.fromBackupVaultArn` parses wrong arn format ([#25259](https://togithub.com/aws/aws-cdk/issues/25259)) ([c2082a7](https://togithub.com/aws/aws-cdk/commit/c2082a7433eb586e2c8738dd8fdd55b0a312180e)), closes [#25212](https://togithub.com/aws/aws-cdk/issues/25212) - **batch:** jobDefinitionName returns ARN instead of name ([#25207](https://togithub.com/aws/aws-cdk/issues/25207)) ([3ea6062](https://togithub.com/aws/aws-cdk/commit/3ea60625a2946ab12b91a3bd1d477fa6e41ab5ae)), closes [#25197](https://togithub.com/aws/aws-cdk/issues/25197) - **bootstrap:** add `previous-parameters` option to bootstrap command ([#25219](https://togithub.com/aws/aws-cdk/issues/25219)) ([02e8758](https://togithub.com/aws/aws-cdk/commit/02e875855e26d2a79ba9145f2a5207924424bb48)), closes [#23780](https://togithub.com/aws/aws-cdk/issues/23780) - **cloudfront:** can't create the default log bucket ([#25298](https://togithub.com/aws/aws-cdk/issues/25298)) ([0eb25f2](https://togithub.com/aws/aws-cdk/commit/0eb25f275707ae5c1cc52d1bbb500e96e89698a4)), closes [/docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html#access-logs-choosing-s3](https://togithub.com/aws//docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html/issues/access-logs-choosing-s3) [#25288](https://togithub.com/aws/aws-cdk/issues/25288) [#25291](https://togithub.com/aws/aws-cdk/issues/25291) - **core:** crossRegionReferences doesn't work when exporting to multiple regions ([#25190](https://togithub.com/aws/aws-cdk/issues/25190)) ([89b26b8](https://togithub.com/aws/aws-cdk/commit/89b26b863de0c57e039c39541b6921c31e4b141c)), closes [#24464](https://togithub.com/aws/aws-cdk/issues/24464) - **custom-resources:** State functionActiveV2 not found ([#25228](https://togithub.com/aws/aws-cdk/issues/25228)) ([13a230e](https://togithub.com/aws/aws-cdk/commit/13a230ecd98f9cc4da1d1e25a2c4dbf6598c0b21)), closes [#24358](https://togithub.com/aws/aws-cdk/issues/24358) - **eks:** Allow helm pull from non-ECR OCI repositories ([#25237](https://togithub.com/aws/aws-cdk/issues/25237)) ([27da99e](https://togithub.com/aws/aws-cdk/commit/27da99e6a23d08ebbc43399b12aac0e4cf42d552)), closes [#24710](https://togithub.com/aws/aws-cdk/issues/24710) - **eks:** policy does not exist or is not attachable in China and GovCloud regions ([#25215](https://togithub.com/aws/aws-cdk/issues/25215)) ([ea65415](https://togithub.com/aws/aws-cdk/commit/ea65415e9056ac3b951979ffd1c7b145adda7157)), closes [#24358](https://togithub.com/aws/aws-cdk/issues/24358) [#24696](https://togithub.com/aws/aws-cdk/issues/24696) - **elasticloadbalancingv2:** ALB listeners with multiple forwardi… ([#25005](https://togithub.com/aws/aws-cdk/issues/25005)) ([512f64e](https://togithub.com/aws/aws-cdk/commit/512f64e5d731c5402c53ea7d20d6f3f3e9719ae4)), closes [#24805](https://togithub.com/aws/aws-cdk/issues/24805) - **elasticloadbalancingv2:** can not set sessionTimeout ([#24457](https://togithub.com/aws/aws-cdk/issues/24457)) ([cefbb33](https://togithub.com/aws/aws-cdk/commit/cefbb334609869b65bbd5e2b8aabbc153c423466)), closes [#12843](https://togithub.com/aws/aws-cdk/issues/12843) [#21768](https://togithub.com/aws/aws-cdk/issues/21768) - **rds:** Correct ARN in IAM policy for IAM database access ([#25141](https://togithub.com/aws/aws-cdk/issues/25141)) ([227ea09](https://togithub.com/aws/aws-cdk/commit/227ea0905c1d299395c1f93779d23426144d6df5)), closes [#12416](https://togithub.com/aws/aws-cdk/issues/12416) [#11851](https://togithub.com/aws/aws-cdk/issues/11851) *** #### Alpha modules (2.77.0-alpha.0) ### [`v2.76.0`](https://togithub.com/aws/aws-cdk/releases/tag/v2.76.0) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.75.1...v2.76.0) ##### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES - **servicecatalogappregistry:** this change will deprecated **associateStack** and **associateAttributeGroup** in Application Construct. The user who are using these two method need to update to use alternative method. For associateStack, the alternative method is **associateApplicationWithStack** For associateAttributeGroup, the alternative method is **AttributeGroup.associateWith** The user who are using these two method need to update to use alternative method. For associateStack, the alternative method is **associateApplicationWithStack** For associateAttributeGroup, the alternative method is **AttributeGroup.associateWith** Purpose of this PR: we need to remove deprecated resource before we moving into stable version The method that we remove is: associateStack and associateAttributeGroup CHANGES: 1. in lib/application.ts, we remove these two methods and update their corresponding interface 2. in test/ application.test.ts & test/integ.application.ts, we update application.test.ts and integ.application.ts to remove these two methods' related test *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* ##### Features - **cli-lib:** add missing deploy options ([#25042](https://togithub.com/aws/aws-cdk/issues/25042)) ([ac40aed](https://togithub.com/aws/aws-cdk/commit/ac40aed6f79129d6793c663dcb81bb983e21f123)) - **codebuild:** adds support for standard (7.0) image ([#25136](https://togithub.com/aws/aws-cdk/issues/25136)) ([4eb5e99](https://togithub.com/aws/aws-cdk/commit/4eb5e99ef94fba1c1a643e159acd9e39f61ac7f7)), closes [#25124](https://togithub.com/aws/aws-cdk/issues/25124) - **core:** add rule IDs to the analytics string ([#25084](https://togithub.com/aws/aws-cdk/issues/25084)) ([0c1e885](https://togithub.com/aws/aws-cdk/commit/0c1e885b9d56718e21fde5c838b6a755a4c81235)) - **ec2:** add new latest amazon linux machine images ([#25083](https://togithub.com/aws/aws-cdk/issues/25083)) ([01fd89a](https://togithub.com/aws/aws-cdk/commit/01fd89a660710b27cd42e07a838a9a548e4f106e)), closes [#21011](https://togithub.com/aws/aws-cdk/issues/21011) [#24873](https://togithub.com/aws/aws-cdk/issues/24873) [#23523](https://togithub.com/aws/aws-cdk/issues/23523) - **events-targets:** Add tagging for ECS tasks triggered by an event ([#23838](https://togithub.com/aws/aws-cdk/issues/23838)) ([e3bc59a](https://togithub.com/aws/aws-cdk/commit/e3bc59a7ca8fc282051d97123f4d5a8bdd660db7)), closes [/github.com/aws/aws-cdk/pull/19583#pullrequestreview-936428722](https://togithub.com/aws//github.com/aws/aws-cdk/pull/19583/issues/pullrequestreview-936428722) [/github.com/aws/aws-cdk/pull/19583#pullrequestreview-936428722](https://togithub.com/aws//github.com/aws/aws-cdk/pull/19583/issues/pullrequestreview-936428722) - **kms:** add required aliasname prefix to aliasnames with tokens ([#25116](https://togithub.com/aws/aws-cdk/issues/25116)) ([1b18a19](https://togithub.com/aws/aws-cdk/commit/1b18a192fab79c6f65cb9c554a7473e36aa67297)), closes [#25033](https://togithub.com/aws/aws-cdk/issues/25033) - **rds:** Support SQL Server for RDS proxy ([#25102](https://togithub.com/aws/aws-cdk/issues/25102)) ([2ea3e45](https://togithub.com/aws/aws-cdk/commit/2ea3e455712e175a914fd9362ce26137a75f4fc7)), closes [#22164](https://togithub.com/aws/aws-cdk/issues/22164) [/github.com/aws/aws-cdk/issues/22164#issuecomment-1297767306](https://togithub.com/aws//github.com/aws/aws-cdk/issues/22164/issues/issuecomment-1297767306) ##### Bug Fixes - **assertions:** nested stacks inside non-root stages don't resolve t… ([#25006](https://togithub.com/aws/aws-cdk/issues/25006)) ([2d4a60d](https://togithub.com/aws/aws-cdk/commit/2d4a60dee7892041786482ac001e858511ac0b40)), closes [#24004](https://togithub.com/aws/aws-cdk/issues/24004) - **aws-cdk-lib:** compiled .js files are no longer being minified ([#25160](https://togithub.com/aws/aws-cdk/issues/25160)) ([b53727f](https://togithub.com/aws/aws-cdk/commit/b53727fccdb41eb7f95bb6b867f5295722cb085f)) - **batch:** `jobQueueName` returns ARN instead of name ([#25093](https://togithub.com/aws/aws-cdk/issues/25093)) ([a344507](https://togithub.com/aws/aws-cdk/commit/a34450771f908057f5a194c6bb3bb9694ce1682c)), closes [#23018](https://togithub.com/aws/aws-cdk/issues/23018) - **cloudwatch:** correct CompositeAlarm.fromCompositeAlarmName ARN format ([#24604](https://togithub.com/aws/aws-cdk/issues/24604)) ([3bf6adb](https://togithub.com/aws/aws-cdk/commit/3bf6adb48a96c89455017fc0aeba97a1fe118542)), closes [#24594](https://togithub.com/aws/aws-cdk/issues/24594) - **core:** Duration.parse() doesn't parse milliseconds ([#25010](https://togithub.com/aws/aws-cdk/issues/25010)) ([8ca4c09](https://togithub.com/aws/aws-cdk/commit/8ca4c09817d03a094ac395f9ad1adace931f74b4)), closes [#24971](https://togithub.com/aws/aws-cdk/issues/24971) - **core:** pull alpine image from ecr public ([#25179](https://togithub.com/aws/aws-cdk/issues/25179)) ([6d906f8](https://togithub.com/aws/aws-cdk/commit/6d906f8f99d3adc38f3dd15390bd3118701f2f81)), closes [#24969](https://togithub.com/aws/aws-cdk/issues/24969) - **ecs:** allow passing execution role to imported TaskDefinitions ([#24987](https://togithub.com/aws/aws-cdk/issues/24987)) ([0d156a8](https://togithub.com/aws/aws-cdk/commit/0d156a810a7a049e03f2d84582f12b7a231dea2e)), closes [#24984](https://togithub.com/aws/aws-cdk/issues/24984) [#24984](https://togithub.com/aws/aws-cdk/issues/24984) - **kinesis:** remove StreamModeDetails in template when not specified ([#24994](https://togithub.com/aws/aws-cdk/issues/24994)) ([787f38a](https://togithub.com/aws/aws-cdk/commit/787f38acf687f854cc77b9b258f0de8ad27520b0)), closes [#21829](https://togithub.com/aws/aws-cdk/issues/21829) - stack account id throws error if not a string ([#25134](https://togithub.com/aws/aws-cdk/issues/25134)) ([d9468c5](https://togithub.com/aws/aws-cdk/commit/d9468c5ce5e73bf2d987e0427b04c767e008bca0)) - **servicecatalogappregistry:** Remove deprecated resource in Application Construct ([#25095](https://togithub.com/aws/aws-cdk/issues/25095)) ([9222f21](https://togithub.com/aws/aws-cdk/commit/9222f217aa5f199dd88addc9d0dee0f3f900b5a2)) *** #### Alpha modules (2.76.0-alpha.0) ### [`v2.75.1`](https://togithub.com/aws/aws-cdk/releases/tag/v2.75.1) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.75.0...v2.75.1) ##### Reverts - "fix(core): Add stage prefix to stack name shortening process [#24443](https://togithub.com/aws/aws-cdk/pull/25163) *** #### Alpha modules (2.75.1-alpha.0) ### [`v2.75.0`](https://togithub.com/aws/aws-cdk/releases/tag/v2.75.0) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.74.0...v2.75.0) ##### Features - **aws-lambda:** Add AWS Lambda runtime python3.10 ([08fb3cd](https://togithub.com/aws/aws-cdk/commit/08fb3cdab13e2e2a68ceadb36702a108c429e674)) *** #### Alpha modules (2.75.0-alpha.0) ### [`v2.74.0`](https://togithub.com/aws/aws-cdk/releases/tag/v2.74.0) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.73.0...v2.74.0) ##### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES - **batch:** `ComputeEnvironment` has been removed and replaced by `ManagedEc2EcsComputeEnvironment`, `ManagedEc2EksComputeEnvironment`, and `UnmanagedComputeEnvironment`. `JobDefinition` has been removed and replaced by `EcsJobDefinition`, `EksJobDefinition`, and `MultiNodeJobDefinition` ##### Features - **batch:** new L2 Constructs ([#24775](https://togithub.com/aws/aws-cdk/issues/24775)) ([92e6c67](https://togithub.com/aws/aws-cdk/commit/92e6c6706aae72d406cb5bf6a3f5c4d4885a5cb2)) - **ec2:** added ulimits property to ContainerDefinitionOptions ([#24963](https://togithub.com/aws/aws-cdk/issues/24963)) ([e37d16a](https://togithub.com/aws/aws-cdk/commit/e37d16ada1572518b4859c9dbf68e9f08eb3f4eb)), closes [#24918](https://togithub.com/aws/aws-cdk/issues/24918) - **pipelines:** allow artifactBucket to be overridden ([#24945](https://togithub.com/aws/aws-cdk/issues/24945)) ([292c846](https://togithub.com/aws/aws-cdk/commit/292c846531cc3ecb033569953ebad1826d06c341)) - **sagemaker:** support dlc images in sagemaker model ([#25018](https://togithub.com/aws/aws-cdk/issues/25018)) ([91553e5](https://togithub.com/aws/aws-cdk/commit/91553e5622fd702e5137f253d266e93b5f0b1a5e)), closes [/github.com/aws/aws-cdk/pull/17399/files#diff-356f35099770f68f4ceee2e63d34aad8729b0a9be6c933a0c05e999be7374685R98-R145](https://togithub.com/aws//github.com/aws/aws-cdk/pull/17399/files/issues/diff-356f35099770f68f4ceee2e63d34aad8729b0a9be6c933a0c05e999be7374685R98-R145) - **ses:** event destinations for configuration sets ([#24745](https://togithub.com/aws/aws-cdk/issues/24745)) ([3be43eb](https://togithub.com/aws/aws-cdk/commit/3be43eb1f467a0defcca6a298fd7c5c41ab80b6e)) - **step-functions-tasks:** Support PropagatedTagSource property for EcsRunTask ([#24949](https://togithub.com/aws/aws-cdk/issues/24949)) ([a98a981](https://togithub.com/aws/aws-cdk/commit/a98a98147534f89a219521a2e51a6a1e25a2ac06)), closes [#12999](https://togithub.com/aws/aws-cdk/issues/12999) - **stepfunctions-tasks:** Node.js 18.x runtime for `EvaluateExpression` ([#25002](https://togithub.com/aws/aws-cdk/issues/25002)) ([f26bfe9](https://togithub.com/aws/aws-cdk/commit/f26bfe9c1465389f1c8f5ef80c4e6ed9279fc0c2)) ##### Bug Fixes - **cloudwatch:** `p100` statistic is no longer recognized ([#24981](https://togithub.com/aws/aws-cdk/issues/24981)) ([adc1a13](https://togithub.com/aws/aws-cdk/commit/adc1a131c306eb3633a55b62cc301e276727a7da)), closes [#23095](https://togithub.com/aws/aws-cdk/issues/23095) [#24976](https://togithub.com/aws/aws-cdk/issues/24976) - **events-targets:** parameter JobName can exceed limit of 128 characters ([#24786](https://togithub.com/aws/aws-cdk/issues/24786)) ([923b9f1](https://togithub.com/aws/aws-cdk/commit/923b9f19152eec889f10db9849ecf1db016c33f3)), closes [#24654](https://togithub.com/aws/aws-cdk/issues/24654) - **redshift:** Column ids were not being default assigned ([#24546](https://togithub.com/aws/aws-cdk/issues/24546)) ([8a655bd](https://togithub.com/aws/aws-cdk/commit/8a655bdb57fa178a7247a2c74bc24fd1ff6e67a1)), closes [#24545](https://togithub.com/aws/aws-cdk/issues/24545) - **s3:** deprecate unencrypted encryption configuration for s3 bucket ([#24770](https://togithub.com/aws/aws-cdk/issues/24770)) ([b971615](https://togithub.com/aws/aws-cdk/commit/b971615b6d5577c7c972e4a816d9f0de38fe56b5)) - ecr policy warning always throws ([#25041](https://togithub.com/aws/aws-cdk/issues/25041)) ([c0c3d19](https://togithub.com/aws/aws-cdk/commit/c0c3d19039981eb71bb37b2b1e3a1d5c12025b4f)), closes [#25028](https://togithub.com/aws/aws-cdk/issues/25028) - **core:** Add stage prefix to stack name shortening process ([#24443](https://togithub.com/aws/aws-cdk/issues/24443)) ([55621ad](https://togithub.com/aws/aws-cdk/commit/55621adee7ee268c127333d0630eb93d1e472fa3)), closes [#23628](https://togithub.com/aws/aws-cdk/issues/23628) - **servicecatalogappregistry:** Imported attribute group cannot be associated to an application ([#24960](https://togithub.com/aws/aws-cdk/issues/24960)) ([4c2e7d6](https://togithub.com/aws/aws-cdk/commit/4c2e7d63b46490bbaf512b3c2b96efc189deb78d)) *** #### Alpha modules (2.74.0-alpha.0) ### [`v2.73.0`](https://togithub.com/aws/aws-cdk/releases/tag/v2.73.0) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.72.1...v2.73.0) ##### Features - **cli:** exposed synth's quiet option in cdk.json ([#24793](https://togithub.com/aws/aws-cdk/issues/24793)) ([8c58b25](https://togithub.com/aws/aws-cdk/commit/8c58b25dc8b74eabc277c611503a9dbb4c6a57fc)), closes [#24251](https://togithub.com/aws/aws-cdk/issues/24251) - **pipelines:** Add ability to define fileSystemLocations for a CodePipeline ([#24584](https://togithub.com/aws/aws-cdk/issues/24584)) ([55906bb](https://togithub.com/aws/aws-cdk/commit/55906bbffc01780f380e61f470c091abee4d6835)), closes [#24495](https://togithub.com/aws/aws-cdk/issues/24495) - **rds:** Add dbname parameter to RDS.DatabaseSecret construct ([#24729](https://togithub.com/aws/aws-cdk/issues/24729)) ([b9ce0ee](https://togithub.com/aws/aws-cdk/commit/b9ce0ee2e65952ff42487f898aaca719babeb4f6)), closes [#24728](https://togithub.com/aws/aws-cdk/issues/24728) - **trigger:** Allow trigger to work with Lambda functions with long timeouts ([#24435](https://togithub.com/aws/aws-cdk/issues/24435)) ([30e05f0](https://togithub.com/aws/aws-cdk/commit/30e05f0c543fed9964c6d68740ae65336ba0ae23)), closes [#23788](https://togithub.com/aws/aws-cdk/issues/23788) ##### Bug Fixes - **core:** some trace info is missing from the validation report ([#24889](https://togithub.com/aws/aws-cdk/issues/24889)) ([5003cad](https://togithub.com/aws/aws-cdk/commit/5003cadbd89ff5e960fe8eb1c057c40d03bc8198)) - **ec2:** looking up a shared VPC has incorrect account ID in ARN ([#24486](https://togithub.com/aws/aws-cdk/issues/24486)) ([963634b](https://togithub.com/aws/aws-cdk/commit/963634b001c10dcc18d78d28d3e05504974bc140)), closes [#23865](https://togithub.com/aws/aws-cdk/issues/23865) - **ecr:** policytext errors when includes resource ([#24401](https://togithub.com/aws/aws-cdk/issues/24401)) ([a9d6966](https://togithub.com/aws/aws-cdk/commit/a9d6966ffc9b972e3e69d157f3f045d3c4e15827)) - **globalaccelerator:** parameter name can exceed limit of 64 characters ([#24796](https://togithub.com/aws/aws-cdk/issues/24796)) ([334dc80](https://togithub.com/aws/aws-cdk/commit/334dc80ffb076ab9d229a7944a2d7d711d1a445f)), closes [#24325](https://togithub.com/aws/aws-cdk/issues/24325) - **iam:** roleName not validated in fromRoleName function ([#24549](https://togithub.com/aws/aws-cdk/issues/24549)) ([637fc6a](https://togithub.com/aws/aws-cdk/commit/637fc6a8526b6a090c1ffb4b08ca1149fdb9755d)), closes [#24503](https://togithub.com/aws/aws-cdk/issues/24503) - **lambda-nodejs:** pnpm installs frozen lockfile in a CI environment ([#24781](https://togithub.com/aws/aws-cdk/issues/24781)) ([552cef4](https://togithub.com/aws/aws-cdk/commit/552cef48a7d98cd320150897ebcf1f2867360d56)), closes [/github.com/pnpm/pnpm/issues/1994#issuecomment-609403673](https://togithub.com/aws//github.com/pnpm/pnpm/issues/1994/issues/issuecomment-609403673) *** #### Alpha modules (2.73.0-alpha.0) ### [`v2.72.1`](https://togithub.com/aws/aws-cdk/releases/tag/v2.72.1) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.72.0...v2.72.1) *** #### Alpha modules (2.72.1-alpha.0) ### [`v2.72.0`](https://togithub.com/aws/aws-cdk/releases/tag/v2.72.0) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.71.0...v2.72.0) ##### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES - **cdk-lib:** The return type of `aws-cdk-lib.aws_ec2.SecurityGroup.determineRuleScope` was changed from a tuple (`[SecurityGroupBase, string]`) to a struct with the same values, because tuple types are not supported over the jsii interoperability layer, but `jsii@v1` was incorrectly allowing this to be represented as the `JSON` primitive type. This made the API unusable in non-JS languages. The type of the `metadata` property of `aws-cdk-lib.aws_s3_deployment.BucketDeploymentProps` was changed from an index-only struct to an inline map, because `jsii@v1` silently ignored the index signature (which is otherwise un-supported), resulting in an empty object in non-JS/TS languages. As a consequence, the values of that map can no longer be `undefined` (as `jsii` does not currently support nullable elements in collections). ##### Features - **apprunner-alpha:** support autoDeploymentsEnabled flag for Service ([#24612](https://togithub.com/aws/aws-cdk/issues/24612)) ([cf5a9c4](https://togithub.com/aws/aws-cdk/commit/cf5a9c49ed53a524b9670c88a9fbb7d705af0d3d)), closes [#24529](https://togithub.com/aws/aws-cdk/issues/24529) - **cfnspec:** cloudformation spec v117.0.0 ([#24779](https://togithub.com/aws/aws-cdk/issues/24779)) ([1b94ea6](https://togithub.com/aws/aws-cdk/commit/1b94ea6e622e849f158ee181e065f815a7166e5c)) - **cfnspec:** cloudformation spec v117.0.0 ([#24841](https://togithub.com/aws/aws-cdk/issues/24841)) ([84630e9](https://togithub.com/aws/aws-cdk/commit/84630e91bcba54aa440e744b3ce46cad7c6554f3)) - **cloudfront-origins:** allow custom originPath for apigateway.RestApi constructs ([#24023](https://togithub.com/aws/aws-cdk/issues/24023)) ([bc3db02](https://togithub.com/aws/aws-cdk/commit/bc3db02fd05925dfef8fe43dcd532ee22e9e8474)) - **core:** template validation after synthesis ([#23951](https://togithub.com/aws/aws-cdk/issues/23951)) ([20aeb0f](https://togithub.com/aws/aws-cdk/commit/20aeb0f50b627ecb3b4fdf88d6e73803eae02a8c)) - **dynamodb:** adds deletion protection for tables ([#24581](https://togithub.com/aws/aws-cdk/issues/24581)) ([6e400a9](https://togithub.com/aws/aws-cdk/commit/6e400a918b0f921a8e2926fbfa40214f522a6b5f)), closes [#24540](https://togithub.com/aws/aws-cdk/issues/24540) - **ecs:** support pseudo terminal allocation in container definition ([#24790](https://togithub.com/aws/aws-cdk/issues/24790)) ([3c0756a](https://togithub.com/aws/aws-cdk/commit/3c0756ae7fa96e19da2e6a21cf914579d31f64e6)) - **efs:** implement IResourceWithPolicy ([#24453](https://togithub.com/aws/aws-cdk/issues/24453)) ([5771d79](https://togithub.com/aws/aws-cdk/commit/5771d79b262be31d5f0497849c3ddf57fcf4e5d2)), closes [#15805](https://togithub.com/aws/aws-cdk/issues/15805) - **kms:** Adds support for hmac and sm2 key spec ([#23866](https://togithub.com/aws/aws-cdk/issues/23866)) ([f2f3c21](https://togithub.com/aws/aws-cdk/commit/f2f3c210507183dfb8a02452a43d3a79e355f03f)), closes [#23727](https://togithub.com/aws/aws-cdk/issues/23727) - **s3:** add `allowedActionPatterns` parameter to grantWrite ([#24211](https://togithub.com/aws/aws-cdk/issues/24211)) ([5b5c36f](https://togithub.com/aws/aws-cdk/commit/5b5c36f968127ed4c78cea77830a29c941532e27)), closes [#24074](https://togithub.com/aws/aws-cdk/issues/24074) - **s3-deployment:** added `Source.dataYaml` helper function ([#24579](https://togithub.com/aws/aws-cdk/issues/24579)) ([d969ddf](https://togithub.com/aws/aws-cdk/commit/d969ddf82f0eb6b1f0e094b43b1adaae137b9ef1)), closes [#24554](https://togithub.com/aws/aws-cdk/issues/24554) - added AllViewerExceptHostHeader as new OriginRequest policy ([#24562](https://togithub.com/aws/aws-cdk/issues/24562)) ([8dbca12](https://togithub.com/aws/aws-cdk/commit/8dbca1212c4887628b011ee049ffbc7e884b45bf)), closes [#24552](https://togithub.com/aws/aws-cdk/issues/24552) ##### Bug Fixes - **bootstrap:** ECR repository produces Security Hub finding \[ECR.3] because of missing lifecycle policy ([#24735](https://togithub.com/aws/aws-cdk/issues/24735)) ([cdfa970](https://togithub.com/aws/aws-cdk/commit/cdfa970cc3e9e507714999d42a472334720215bc)) - **cli:** cdk deploy output hook failure reason if cloudformation failed by hook ([#24444](https://togithub.com/aws/aws-cdk/issues/24444)) ([9d4b66a](https://togithub.com/aws/aws-cdk/commit/9d4b66a437a1ce2518d46764fe53c7d699576d6a)) - **cli:** pathMetadata and assetMetadata defaults cannot be configured in cdk.json ([#24533](https://togithub.com/aws/aws-cdk/issues/24533)) ([45bc57a](https://togithub.com/aws/aws-cdk/commit/45bc57a60ba23327179b3445faff1d64e0893587)), closes [#3573](https://togithub.com/aws/aws-cdk/issues/3573) - **dynamodb:** add missing iam permissions to custom resource for deleting dynamodb replica table ([#24682](https://togithub.com/aws/aws-cdk/issues/24682)) ([f35b70b](https://togithub.com/aws/aws-cdk/commit/f35b70b547810a56d1d4d0f41d41c3d610e8d780)), closes [#22069](https://togithub.com/aws/aws-cdk/issues/22069) - **ec2:** tokenised subnet.subnetId filtered by the SubnetIdSubnetFilter returns an empty array ([#24625](https://togithub.com/aws/aws-cdk/issues/24625)) ([d0912ca](https://togithub.com/aws/aws-cdk/commit/d0912cad3d165f441f75cada524468a79de46000)), closes [#24427](https://togithub.com/aws/aws-cdk/issues/24427) - **ec2:** VPC Flow Log record fields are not available ([#24812](https://togithub.com/aws/aws-cdk/issues/24812)) ([65fb7a6](https://togithub.com/aws/aws-cdk/commit/65fb7a6fa25ef064fb87ee00d0cd47ad28f7127d)), closes [#24807](https://togithub.com/aws/aws-cdk/issues/24807) - **ecs:** cpu in container definition may be less than total cpu allocated to the container ([#24647](https://togithub.com/aws/aws-cdk/issues/24647)) ([dc064be](https://togithub.com/aws/aws-cdk/commit/dc064bed47c08ef8e9291d560d56884ddc9e9f67)), closes [#24629](https://togithub.com/aws/aws-cdk/issues/24629) - **lambda-nodejs:** pnpm no longer supports nodejs14.x ([#24821](https://togithub.com/aws/aws-cdk/issues/24821)) ([b1c9ab2](https://togithub.com/aws/aws-cdk/commit/b1c9ab23482bc0f83904fc10112561f93a69cfc5)) - **logs-destinations:** missing dependency to Permission Policy created by LambdaDestination ([#24823](https://togithub.com/aws/aws-cdk/issues/24823)) ([72b3a95](https://togithub.com/aws/aws-cdk/commit/72b3a95d02e6b8f9d6799c00cc95aa7072990d67)), closes [#21941](https://togithub.com/aws/aws-cdk/issues/21941) [/github.com/aws/aws-cdk/pull/22100#issue-1377109110](https://togithub.com/aws//github.com/aws/aws-cdk/pull/22100/issues/issue-1377109110) - **logs-destinations:** missing dependency to Policy created by KinesisDestination ([#24811](https://togithub.com/aws/aws-cdk/issues/24811)) ([3c98d1e](https://togithub.com/aws/aws-cdk/commit/3c98d1e4f3a9097e4e0c3549f55ab8f9c2a14de8)), closes [#21827](https://togithub.com/aws/aws-cdk/issues/21827) [/github.com/aws/aws-cdk/issues/21827#issuecomment-1382128416](https://togithub.com/aws//github.com/aws/aws-cdk/issues/21827/issues/issuecomment-1382128416) - **s3-deployment:** physical id not set during failure scenario ([#24428](https://togithub.com/aws/aws-cdk/issues/24428)) ([be4be99](https://togithub.com/aws/aws-cdk/commit/be4be99ddebd7c81a4122efd51ea2c8beafa6bc1)), closes [#22670](https://togithub.com/aws/aws-cdk/issues/22670) - **stepfunctions-tasks:** updated EMR service role to use `AmazonEMRServicePolicy_v2` (under feature flag) ([#23985](https://togithub.com/aws/aws-cdk/issues/23985)) ([f3fd183](https://togithub.com/aws/aws-cdk/commit/f3fd18389fcb69d5a6fb6d2964afa21e1c7d01e3)), closes [#23915](https://togithub.com/aws/aws-cdk/issues/23915) ##### Miscellaneous Chores - **cdk-lib:** migrate to jsii@5.0 / jsii-rosetta@5.0 ([#24425](https://togithub.com/aws/aws-cdk/issues/24425)) ([6d581d7](https://togithub.com/aws/aws-cdk/commit/6d581d7d4a0107dc5acd532c603f90d253d8f72e)) *** #### Alpha modules (2.72.0-alpha.0) ##### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES - **servicecatalogappregistry:** This commit involves share replacement during the deployment of `ApplicationAssociator` due to share construct id update. After this change, frequent share replacements due to structural change in `Application` construct should be avoided. `Application.shareApplication` starts to require construct id (first argument) and share name (added in `ShareOption`) as input. - **ivs:** Renamed ChannelProps.name to ChannelProps.channelName - Renamed PlaybackKeyPairProps.name to PlaybackKeyPairProps.playbackKeyPairName - Channel now generates a physical name if one is not provided - PlaybackKeyPair now generates a physical name if one is not provided ##### Bug Fixes - **integ-runner:** update workflow doesn't support resource replacement ([#24720](https://togithub.com/aws/aws-cdk/issues/24720)) ([07d3aa7](https://togithub.com/aws/aws-cdk/commit/07d3aa74e6c1a7b3b7ddf298cf3cc4b7ff180b48)) - **ivs:** Not a standard physical name pattern ([#24706](https://togithub.com/aws/aws-cdk/issues/24706)) ([7d17fe3](https://togithub.com/aws/aws-cdk/commit/7d17fe32d20cd847733bffdd899c4659a7b0003c)) - **servicecatalogappregistry:** RAM Share is replaced on every change to Application ([#24760](https://togithub.com/aws/aws-cdk/issues/24760)) ([8977d0d](https://togithub.com/aws/aws-cdk/commit/8977d0d2b567c9fcf32076b66f2dcb7f993bb22a)) ### [`v2.71.0`](https://togithub.com/aws/aws-cdk/releases/tag/v2.71.0) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.70.0...v2.71.0) ##### Features - **core:** template validation after synthesis ([#23951](https://togithub.com/aws/aws-cdk/issues/23951)) ([91d6509](https://togithub.com/aws/aws-cdk/commit/91d6509ce43285a20aca85d45e4017b7dcfbe49f)) ##### Bug Fixes - **lambda-nodejs:** pnpm no longer supports nodejs14.x ([#24821](https://togithub.com/aws/aws-cdk/issues/24821)) ([a8e9370](https://togithub.com/aws/aws-cdk/commit/a8e9370012798a339f6d66f5d441723dd9984c86)) *** #### Alpha modules (2.71.0-alpha.0) ### [`v2.70.0`](https://togithub.com/aws/aws-cdk/releases/tag/v2.70.0) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.69.0...v2.70.0) ##### Features - **cfnspec:** cloudformation spec v116.0.0 ([#24662](https://togithub.com/aws/aws-cdk/issues/24662)) ([e8158af](https://togithub.com/aws/aws-cdk/commit/e8158af34eb6402c79edbc171746fb5501775c68)) - **cloudwatch:** added defaultInterval prop to cw-dashboard ([#24707](https://togithub.com/aws/aws-cdk/issues/24707)) ([d4717cf](https://togithub.com/aws/aws-cdk/commit/d4717cf035c9f7027d8081ea1f15a631044315e8)) - **ec2:** CFN-init support for systemd ([#24683](https://togithub.com/aws/aws-cdk/issues/24683)) ([f3fe8e1](https://togithub.com/aws/aws-cdk/commit/f3fe8e1c4348194f89b47a276e6c85328b1044fa)) - **ec2:** SSM sessions ([#24673](https://togithub.com/aws/aws-cdk/issues/24673)) ([9744a82](https://togithub.com/aws/aws-cdk/commit/9744a8295fab28f1e8c38a0b980935f7546990e6)) - **ecr:** add option to auto delete images upon ECR repository removal ([#24572](https://togithub.com/aws/aws-cdk/issues/24572)) ([7de5b00](https://togithub.com/aws/aws-cdk/commit/7de5b00dcf24c4f6721317860c7e42c485e3ca58)), closes [#15932](https://togithub.com/aws/aws-cdk/issues/15932) [#12618](https://togithub.com/aws/aws-cdk/issues/12618) [#15932](https://togithub.com/aws/aws-cdk/issues/15932) - **elasticloadbalancing:** classic load balancer supports ec2 instances ([#24353](https://togithub.com/aws/aws-cdk/issues/24353)) ([25b6edd](https://togithub.com/aws/aws-cdk/commit/25b6edd9d83e4766a2cb064b8eb8e3c6198b4f53)), closes [#23500](https://togithub.com/aws/aws-cdk/issues/23500) - **servicecatalogappregistry-alpha:** Introduce flag to control application sharing and association behavior for cross-account stacks ([#24408](https://togithub.com/aws/aws-cdk/issues/24408)) ([2167289](https://togithub.com/aws/aws-cdk/commit/2167289658e8f3431ec815c741277dc1be1aa110)), closes [aws-cdk/aws-servicecatalogappregistry/lib/aspects/stack-associator.ts#L91-L95](https://togithub.com/aws-cdk/aws-servicecatalogappregistry/lib/aspects/stack-associator.ts/issues/L91-L95) ##### Bug Fixes - **bootstrap:** remove Security Hub finding KMS.2 ([#24588](https://togithub.com/aws/aws-cdk/issues/24588)) ([274c3d5](https://togithub.com/aws/aws-cdk/commit/274c3d54dcc0b9534d1ede287fe3672ec9883dbe)), closes [/docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html#kms-2](https://togithub.com/aws//docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html/issues/kms-2) - **cli:** no change deployment prints "hotswap deployment skipped" without hotswap flag ([#24602](https://togithub.com/aws/aws-cdk/issues/24602)) ([79151fd](https://togithub.com/aws/aws-cdk/commit/79151fd7f4916defeb1e17d3bcdbec1e119ec994)) - **cli:** user agent is reported as `undefined/undefined` ([#24663](https://togithub.com/aws/aws-cdk/issues/24663)) ([3e8d8d8](https://togithub.com/aws/aws-cdk/commit/3e8d8d8e1b9a88376a6460094dea0c08ce19742e)) - **eks:** fail to update cluster by disabling logging props ([#24688](https://togithub.com/aws/aws-cdk/issues/24688)) ([767cf93](https://togithub.com/aws/aws-cdk/commit/767cf93eb131c707f8243e8f3779dd3bad89271a)) - **sfn:** stop replacing JsonPath.DISCARD with `null` ([#24717](https://togithub.com/aws/aws-cdk/issues/24717)) ([413b643](https://togithub.com/aws/aws-cdk/commit/413b64347f333573b2a07150e87244bd4c11d264)), closes [#24593](https://togithub.com/aws/aws-cdk/issues/24593) - **toolkit:** RWLock.acquireRead is not re-entrant ([#24702](https://togithub.com/aws/aws-cdk/issues/24702)) ([3b7431b](https://togithub.com/aws/aws-cdk/commit/3b7431b6ac27f8557c22a8959ae1ce431f6d2167)) - **WAFv2:** add patch to revert struct names ([#24651](https://togithub.com/aws/aws-cdk/issues/24651)) ([dfa09d1](https://togithub.com/aws/aws-cdk/commit/dfa09d133523f0457a9ab2369bde13b44c398c30)), closes [/github.com/aws/aws-cdk/commit/affe040c8443be074822254d1e75a28b264cd801#diff-827a2fd012e049c7ccedffa0360c12e7d967a173f36b8150de73ef6adc42ee4cL175-L357](https://togithub.com/aws//github.com/aws/aws-cdk/commit/affe040c8443be074822254d1e75a28b264cd801/issues/diff-827a2fd012e049c7ccedffa0360c12e7d967a173f36b8150de73ef6adc42ee4cL175-L357) *** #### Alpha modules (2.70.0-alpha.0) ##### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES - **servicecatalogappregistry:** This commit contains destructive changes to the RAM Share. Since the application RAM share name is calculated by the application construct, where one method is added. Integration test detects a breaking change where RAM share will be created. Integration test snapshot is updated to cater this destructive change. ##### Features - **servicecatalogappregistry:** add attribute groups to an application ([#24672](https://togithub.com/aws/aws-cdk/issues/24672)) ([7baffa2](https://togithub.com/aws/aws-cdk/commit/7baffa239a7904cd73ac73537101ed5bd40aa9a0)) ### [`v2.69.0`](https://togithub.com/aws/aws-cdk/releases/tag/v2.69.0) [Compare Source](https://togithub.com/aws/aws-cdk/compare/v2.68.0...v2.69.0) ##### Features - **custom-resources:** AwsCustomResource copy physicalResourceId from request when omit it in onUpdate ([#24194](https://togithub.com/aws/aws-cdk/issues/24194)) ([21ad7a7](https://togithub.com/aws/aws-cdk/commit/21ad7a7a0462a00c491ed104163d2065828a9aa1)), closes [#23843](https://togithub.com/aws/aws-cdk/issues/23843) - **docdb:** added ability to enable performance insights ([#24039](https://togithub.com/aws/aws-cdk/issues/24039)) ([c897f44](https://togithub.com/aws/aws-cdk/commit/c897f44ea438487a8bf48053dead667c35cade02)), closes [#24036](https://togithub.com/aws/aws-cdk/issues/24036) - **ecr-assets:** Support cache-from and cache-to flags ([#24024](https://togithub.com/aws/aws-cdk/issues/24024)) ([4e02566](https://togithub.com/aws/aws-cdk/commit/4e02566fab0f6c6708c9ee766e2805adbb329f18)) - **eks:** support for Kubernetes version 1.25 ([#24484](https://togithub.com/aws/aws-cdk/issues/24484)) ([70fd3e9](https://togithub.com/aws/aws-cdk/commit/70fd3e97e5b3555f4036ada6e562cec4359cadeb)), closes [#24282](https://togithub.com/aws/aws-cdk/issues/24282) - **rds:** add support for minor versions of PostgreSQL: 14.7, 13.10, 12.14, and 11.19 ([#24539](https://togithub.com/aws/aws-cdk/issues/24539)) ([15cb919](https://togithub.com/aws/aws-cdk/commit/15cb919fab9d20d0e8f0485662131cbb10980269)) - **rds:** PostgreSQL engine version 15.2 ([#24463](https://togithub.com/aws/aws-cdk/issues/24463)) ([59d795b](https://togithub.com/aws/aws-cdk/commit/59d795b6e8d77b2d2d099169eaeb83a66c9d6a1a)), closes [#24462](https://togithub.com/aws/aws-cdk/issues/24462) ##### Bug Fixes - **custom-resource:** custom resources fail with data containing multi-byte utf8 chars ([#24501](https://togithub.com/aws/aws-cdk/issues/24501)) ([9bd5078](https://togithub.com/aws/aws-cdk/c

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

aws-samples / aws-sdk-js-notes-app