Conversation

@aws-cdk-automation
Collaborator

@aws-cdk-automation aws-cdk-automation commented May 27, 2025

See CHANGELOG

ykethan and others added 17 commits May 22, 2025 23:23
### Issue # (if applicable)

Closes #34376.

### Reason for this change



### Description of changes

This PR corrects the JSDoc comment for the `storageType` property in `DatabaseCluster`. According to CloudFormation documentation, the default value for Aurora clusters is `aurora` (Aurora Standard), not `aurora-iopt1` (Aurora I/O Optimized) as incorrectly documented.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html#cfn-rds-dbcluster-storagetype



### Describe any new or updated permissions being added




### Description of how you validated changes



### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add new models.
Ref: https://aws.amazon.com/about-aws/whats-new/2025/05/anthropics-claude-4-foundation-models-amazon-bedrock/

```sh
 aws bedrock list-foundation-models \
  --region us-west-2 \
  --query 'modelSummaries[].modelId' \
  --output table

----------------------------------------------------
|               ListFoundationModels               |
+--------------------------------------------------+
...
|  anthropic.claude-opus-4-20250514-v1:0           |
|  anthropic.claude-sonnet-4-20250514-v1:0         |
...
```
### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…lEngineVersion.of() (#33564)

Previously, AuroraMysqlEngineVersion.of() incorrectly determined whether import and export roles should be combined.

This caused inconsistent behavior when specifying engine versions manually using AuroraMysqlEngineVersion.of(...), leading to incorrect parameter settings in the DBClusterParameterGroup.

### Issue #33562

Closes #33562

### Reason for this change

The issue arises when specifying a custom Aurora MySQL version using AuroraMysqlEngineVersion.of(...).
The logic for determining whether import and export roles should be combined is incorrect.
It should be based on the major version.

This bug causes s3ExportBuckets to configure DBClusterParameterGroup incorrectly:
- It adds .aurora_select_into_s3_role instead of .aws_default_s3_role
- This behavior differs from using built-in versions like AuroraMysqlEngineVersion.VER_3_07_1

### Description of changes

If the major version is not "5.7", _combineImportAndExportRoles is set to true

### Describe any new or updated permissions being added

None.


### Description of how you validated changes

- Ran unit tests to confirm that the changes work as expected

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… to NetworkMultipleTargetGroupsFargateService (#34516)

### Issue # (if applicable)

Closes #34368.

### Reason for this change

Setting minHealthyPercent on the `NetworkMultipleTargetGroupsFargateService` in ecs_patterns doesn't prevent the warning for not setting `minimumHealthyPercent` from being displayed. When explicitly setting the minimumHealthyPercent via the underlying L1, the warning still appears. This is noisy for users who monitor their deployments for notices/warnings/errors and should also be supported as a feature directly on the L3.

### Description of changes

- Added `minHealthyPercent` and `maxHealthyPercent` properties to the `NetworkMultipleTargetGroupsFargateServiceProps` interface
- Updated the `createFargateService` method to pass these properties to the underlying `FargateService` constructor
- Added tests to verify that setting `minHealthyPercent` properly passes the value to the service and prevents warnings

### Describe any new or updated permissions being added

No new or updated permissions are needed.

### Description of how you validated changes

Added two unit tests:
1. To verify that setting minHealthyPercent and maxHealthyPercent correctly passes the values to the AWS::ECS::Service resource
2. To verify that setting minHealthyPercent prevents warnings from being displayed

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…34418)

### Issue # (if applicable)

None

### Reason for this change

CloudFormation now supports configuring the deletion protection check for configuration profiles in addition to environments.

https://docs.aws.amazon.com/appconfig/latest/userguide/deletion-protection.html
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-appconfig-configurationprofile.html#cfn-appconfig-configurationprofile-deletionprotectioncheck

### Description of changes

- Add `deletionProtectionCheck` to both `HostedConfigurationProfileProps` and `SourcedConfigurationProfileProps`

### Describe any new or updated permissions being added

None

### Description of how you validated changes

Add both unit and integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…arget (#34259)

### Issue # (if applicable)

There's currently no issue for this, but I'd be happy to create it.

### Reason for this change



Using an IAM role also fixes potential issues of failed published messages in case the target SNS topic is encrypted with KMS. According to this article, it's recommended to use execution roles for EventBridge targets. 

https://aws.amazon.com/about-aws/whats-new/2025/03/amazon-eventbridge-iam-execution-role-all-targets/

>  We recommend configuring execution roles for all your EventBridge targets to benefit from consistent permissions policies and (...)

### Description of changes

The `SnsTopic` target still has the same default behavior. However, it's now possible to opt in to IAM role usage by setting the `authorizeUsingRole` property to `true`. It's also possible to provide a custom `role` as a property.

### Describe any new or updated permissions being added

The `sns:Publish` action is allowed on the topicArn in case an IAM role is used.

### Description of how you validated changes

Unit tests were updated and added. 

There was already an integration test for the SnsTopic target without role usage.
I've added two more integration tests: one where `authorizeUsingRole` is set to true, and one where a custom role is provided.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
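
A defender-side check for the `SnsTopic` target change described above, as an added example that is not part of the PR or the CDK code base: it reads a CloudFormation template and reports, for each EventBridge rule target that is an SNS topic, whether publishing is authorized through a role or a topic policy and whether `sns:Publish` is scoped to that topic. It assumes policies are separate `AWS::IAM::Policy` / `AWS::SNS::TopicPolicy` resources; the sample template and its logical IDs are constructed and only approximate what CDK synthesizes.

```typescript
// Added example: audits how EventBridge rules are authorized to publish to SNS.
type Template = { Resources: Record<string, { Type: string; Properties: any }> };
type Finding = { rule: string; topic: string; mode: 'role' | 'resource-policy' | 'none'; scoped: boolean };

function asArray<T>(v: T | T[] | undefined): T[] {
  return v === undefined ? [] : Array.isArray(v) ? v : [v];
}

// Logical ID behind { Ref: id } or { 'Fn::GetAtt': [id, attr] }; undefined otherwise.
function refId(v: any): string | undefined {
  if (!v || typeof v !== 'object') return undefined;
  if (typeof v.Ref === 'string') return v.Ref;
  return Array.isArray(v['Fn::GetAtt']) ? v['Fn::GetAtt'][0] : undefined;
}

// True when an Allow statement grants sns:Publish with Resource limited to the topic.
// If `service` is given, the statement must also name that service principal.
function allowsPublish(doc: any, topicId: string, service?: string): boolean {
  return asArray<any>(doc && doc.Statement).some(s => {
    const resources = asArray<any>(s.Resource);
    return s.Effect === 'Allow' &&
      asArray<string>(s.Action).indexOf('sns:Publish') !== -1 &&
      resources.length > 0 && resources.every(r => refId(r) === topicId) &&
      (!service || asArray<string>(s.Principal && s.Principal.Service).indexOf(service) !== -1);
  });
}

function auditSnsTargets(t: Template): Finding[] {
  const ids = Object.keys(t.Resources);
  // Is there a resource of `type`, attached through `key` to `owner`, that allows the publish?
  const hasGrant = (type: string, key: string, owner: string, topic: string, service?: string) =>
    ids.some(id => {
      const r = t.Resources[id];
      return r.Type === type && asArray<any>(r.Properties[key]).some(x => refId(x) === owner) &&
        allowsPublish(r.Properties.PolicyDocument, topic, service);
    });
  const findings: Finding[] = [];
  for (const ruleId of ids) {
    if (t.Resources[ruleId].Type !== 'AWS::Events::Rule') continue;
    for (const target of asArray<any>(t.Resources[ruleId].Properties.Targets)) {
      const topic = refId(target.Arn);
      if (!topic || !t.Resources[topic] || t.Resources[topic].Type !== 'AWS::SNS::Topic') continue;
      const roleId = refId(target.RoleArn);
      // Role set: identity policy on that role. No role: topic policy for events.amazonaws.com.
      const scoped = roleId
        ? hasGrant('AWS::IAM::Policy', 'Roles', roleId, topic)
        : hasGrant('AWS::SNS::TopicPolicy', 'Topics', topic, topic, 'events.amazonaws.com');
      findings.push({ rule: ruleId, topic, mode: roleId ? 'role' : scoped ? 'resource-policy' : 'none', scoped });
    }
  }
  return findings;
}

// Constructed sample template; logical IDs are hypothetical, not CDK output.
const sampleTemplate: Template = { Resources: {
  Topic: { Type: 'AWS::SNS::Topic', Properties: {} },
  TargetRole: { Type: 'AWS::IAM::Role', Properties: {} },
  TargetRolePolicy: { Type: 'AWS::IAM::Policy', Properties: { Roles: [{ Ref: 'TargetRole' }],
    PolicyDocument: { Statement: [{ Effect: 'Allow', Action: 'sns:Publish', Resource: { Ref: 'Topic' } }] } } },
  RoleRule: { Type: 'AWS::Events::Rule', Properties: { Targets: [
    { Id: 'Target0', Arn: { Ref: 'Topic' }, RoleArn: { 'Fn::GetAtt': ['TargetRole', 'Arn'] } }] } },
  PlainRule: { Type: 'AWS::Events::Rule', Properties: { Targets: [{ Id: 'Target0', Arn: { Ref: 'Topic' } }] } },
} };
console.log(auditSnsTargets(sampleTemplate));
```

A finding with `scoped: false` means no matching grant was found: either the statement's `Resource` is broader than the topic or no policy is attached at all. KMS key permissions for encrypted topics are not checked.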
…ation (#31913)

This PR was [previously created](#29043) and passed the community review, but the maintainer review stopped midway, and it was eventually closed. There shouldn’t be any issues with the content, so I am submitting the PR again.

### Issue # (if applicable)

Closes #29042

### Reason for this change

AWS Step Functions supports optimized integration with AWS Bedrock.
Currently, only invokeModel is supported by CDK, but I would like createModelCustomizationJob to be supported in the same manner.

### Description of changes

I've added the CreatemodelCustomizationJob class.

```ts
const taskConfig = {
  baseModel: model,
  clientRequestToken: 'MyToken',
  customizationType: CustomizationType.FINE_TUNING,
  kmsKey,
  customModelName: 'MyCustomModel',
  customModelTags: [{ key: 'key1', value: 'value1' }],
  hyperParameters: {
    batchSize: '10',
  },
  jobName: 'MyCustomizationJob',
  jobTags: [{ key: 'key2', value: 'value2' }],
  outputDataS3Uri: outputBucket.s3UrlForObject(),
  trainingDataS3Uri: trainingBucket.s3UrlForObject(),
  validationDataS3Uri: [validationBucket.s3UrlForObject()],
  vpcConfig: {
    securityGroups: [new ec2.SecurityGroup(stack, 'SecurityGroup', { vpc })],
    subnets: vpc.isolatedSubnets,
  },
};

const task1 = new BedrockCreateModelCustomizationJob(stack, 'CreateModelCustomizationJob1', taskConfig);

const chain = sfn.Chain
  .start(new sfn.Pass(stack, 'Start'))
  .next(task1)
  .next(new sfn.Pass(stack, 'Done'));

new sfn.StateMachine(stack, 'StateMachine', {
  definitionBody: sfn.DefinitionBody.fromChainable(chain),
  timeout: cdk.Duration.seconds(30),
});
```

### Description of how you validated changes

I've added both unit and integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
### Issue # (if applicable)

### Reason for this change

We recommend using cross-stack references but do not provide a workaround for failures caused by cross-stack reference issues.

### Description of changes

Adding a readme to explain

### Describe any new or updated permissions being added




### Description of how you validated changes



### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…for certificates on HTTP protocol (#34233)

### Issue # (if applicable)


### Reason for this change

ElasticLoadBalancerV2 throws a 400 error if you try to append a certificate to a listener on port 80 (or protocol HTTP).
This PR brings this same validation to CDK.

### Description of changes

Added a new check for the application protocol and the length of certificates, and if there is any certificate, throw a validation error.
Also, added a test for this case.

### Describe any new or updated permissions being added

### Description of how you validated changes

### Checklist

 My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
…m CcApi context provider has exactly one resource (#34199)

### Issue # (if applicable)

Follow-up to #33619.

### Reason for this change

The CcApi context provider can now expect a matched count of resources: aws/aws-cdk-cli#251.
`PrefixList.fromLookup()` needs to be updated to use this feature so that invalid results are not persisted in `cdk.context.json`.
See also aws/aws-cdk-cli#257.

### Description of changes

- Bumped `@aws-cdk/cloud-assembly-schema` to latest ^43.6.0.
- Specify `expectedMatchCount: 'exactly-one'` to expect that exactly one prefix list ID is returned.
- Updated validation to check for unexpected results. The actual error will be returned from the context provider.

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

Updated integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #34001

### Description of changes
`Addon` supports configurationValues, both v1 and v2

### Description of how you validated changes
Unit + Integ

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…om CcApi context provider has exactly one resource (#34557)

Reverts #34199
…34555)

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-aps
│ └ resources
│    └[~]  resource AWS::APS::Workspace
│       ├ properties
│       │  └[+] QueryLoggingConfiguration: QueryLoggingConfiguration
│       └ types
│          ├[+]  type CloudWatchLogDestination
│          │  ├      documentation: Represents a cloudwatch logs destination for query logging
│          │  │      name: CloudWatchLogDestination
│          │  └ properties
│          │     └ LogGroupArn: string (required)
│          ├[+]  type LoggingDestination
│          │  ├      documentation: Destinations for query logging
│          │  │      name: LoggingDestination
│          │  └ properties
│          │     ├ CloudWatchLogs: CloudWatchLogDestination (required)
│          │     └ Filters: LoggingFilter (required)
│          ├[+]  type LoggingFilter
│          │  ├      documentation: Filters for logging
│          │  │      name: LoggingFilter
│          │  └ properties
│          │     └ QspThreshold: integer (required)
│          └[+]  type QueryLoggingConfiguration
│             ├      documentation: Query logging configuration
│             │      name: QueryLoggingConfiguration
│             └ properties
│                └ Destinations: Array<LoggingDestination> (required)
├[~] service aws-bedrock
│ └ resources
│    ├[~]  resource AWS::Bedrock::Flow
│    │  └ types
│    │     ├[~] type FlowNodeConfiguration
│    │     │ └ properties
│    │     │    └[+] InlineCode: InlineCodeFlowNodeConfiguration
│    │     └[+]  type InlineCodeFlowNodeConfiguration
│    │        ├      documentation: Inline code config strucuture, contains code configs
│    │        │      name: InlineCodeFlowNodeConfiguration
│    │        └ properties
│    │           ├ Code: string (required)
│    │           └ Language: string (required)
│    ├[~]  resource AWS::Bedrock::FlowAlias
│    │  ├ properties
│    │  │  └[+] ConcurrencyConfiguration: FlowAliasConcurrencyConfiguration
│    │  └ types
│    │     └[+]  type FlowAliasConcurrencyConfiguration
│    │        ├      name: FlowAliasConcurrencyConfiguration
│    │        └ properties
│    │           ├ Type: string (required)
│    │           └ MaxConcurrency: number
│    └[~]  resource AWS::Bedrock::FlowVersion
│       └ types
│          ├[~] type FlowNodeConfiguration
│          │ └ properties
│          │    └[+] InlineCode: InlineCodeFlowNodeConfiguration
│          └[+]  type InlineCodeFlowNodeConfiguration
│             ├      documentation: Inline code config strucuture, contains code configs
│             │      name: InlineCodeFlowNodeConfiguration
│             └ properties
│                ├ Code: string (required)
│                └ Language: string (required)
├[~] service aws-ses
│ └ resources
│    └[+]  resource AWS::SES::MailManagerAddressList
│       ├      name: MailManagerAddressList
│       │      cloudFormationType: AWS::SES::MailManagerAddressList
│       │      documentation: Definition of AWS::SES::MailManagerAddressList Resource Type
│       │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│       ├ properties
│       │  ├ AddressListName: string (immutable)
│       │  └ Tags: Array<tag>
│       └ attributes
│          ├ AddressListId: string
│          └ AddressListArn: string
└[~] service aws-vpclattice
  └ resources
     ├[~]  resource AWS::VpcLattice::ResourceConfiguration
     │  └ properties
     │     ├ Name: - string
     │     │       + string (required)
     │     └ ResourceConfigurationType: - string (immutable)
     │                                  + string (required, immutable)
     └[~]  resource AWS::VpcLattice::ResourceGateway
        └ properties
           ├ Name: - string (immutable)
           │       + string (required, immutable)
           ├ SubnetIds: - Array<string> (immutable)
           │            + Array<string> (required, immutable)
           └ VpcIdentifier: - string (immutable)
                            + string (required, immutable)
```

BREAKING CHANGE: Some L1 resources experienced breaking changes due to updated CloudFormation resources. Please check the notes for each specific module for more information.
* **aws-cdk-lib.vpc_lattice**: the `name` and `resourceConfigurationType` properties in `CfnResourceConfigurationProps` have changed from optional to required. Also, the `name`, `subnetIds` and `vpcIdentifier` properties in `CfnResourceGatewayProps` have changed from optional to mandatory.
@aws-cdk-automation aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels May 27, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team May 27, 2025 12:40
@github-actions github-actions bot added the p2 label May 27, 2025
@github-actions github-actions bot requested a review from a team as a code owner May 27, 2025 12:42
@alvazjor alvazjor added pr/do-not-merge This PR should not be merged at this time. and removed pr/do-not-merge This PR should not be merged at this time. labels May 27, 2025
alvazjor added 2 commits May 27, 2025 16:16
updating changelog message
Updated changelog message
@alvazjor alvazjor removed the pr/do-not-merge This PR should not be merged at this time. label May 27, 2025
@aws-cdk-automation
Collaborator Author

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 0c5930d
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Contributor

mergify bot commented May 27, 2025

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit e4fc2ac into v2-release May 27, 2025
17 checks passed
@mergify mergify bot deleted the bump/2.199.0 branch May 27, 2025 13:47
@github-actions
Contributor

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 27, 2025