Features

• publish 'app-staging-synthesizer-alpha' for Go (#34364) (4e3df41)
• update L1 CloudFormation resource definitions (#34357) (24a40a9)
• apigateway: dualstack REST API (#34114) (efdcb9d)

Bug Fixes

• codepipeline: allow both pullRequestFilter and pushFilter (#34267) (1cac5a0), closes #34253
• route53-targets: beanstalk allow specifying hostedZoneId to support token endpoint with default value derived from stack region or endpointUrl (#34122) (9e52752), closes #31843
• s3-notifications: add a key policy to trust S3 for notifications to an SNS topic encrypted with a KMS key (under feature flag) (#33858) (1e87861), closes #16271

Reverts

• "chore: make all L2 Constructs property injectable during release" (#34371) (1e722ad), closes aws/aws-cdk#34328
• "feat: property injection for 122 constructs" (#34370) (2594f3c), closes aws/aws-cdk#33887

Alpha modules (2.195.0-alpha.0)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• iot: By default, deviceDertificateAgeCheck is automatically enabled.

Features

• iot: device certificate age check audit configuration (#33816) (9ad383d)
• location: support L2 API Key Construct (#32733) (d867878), closes #30684

Bug Fixes

• amplify-alpha: example code for adding a custom rule is wrong (#34353) (8ab2606), closes #34351

Features

• update L1 CloudFormation resource definitions (#34278) (e37faed)
• events: throw ValidationErrors instead of untyped Errors (#34316) (06b463f), closes #32569

Alpha modules (2.194.0-alpha.0)

Features

• appsync: add support for data source integrations (#34248) (2fac64e), closes #34264
• codepipeline-actions: add pipeline invoke action support. (#34039) (5488048), closes #33818
• eks: pass additional helm chart values to aws-load-balancer-controller (#34077) (6f0605b), closes #29707 /github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/helm/aws-load-balancer-controller/values.yaml#L199
• kinesis: throw ValidationErrors instead of untyped Errors (#34239) (7f378b6), closes #32569

Bug Fixes

• efs: support imported subnet (#34041) (20df8fb), closes #33876
• stepfunctions: containsTaskToken doesn't handle null values (#34295) (37a66da), closes #34293

Alpha modules (2.193.0-alpha.0)

Features

• pipes-targets-alpha: support Amazon Data Firehose target (#33860) (ebf1ea2)

Features

• apigateway: add mode property for SpecRestApi (#34198) (feadd8c)
• events: Rule support role (#33779) (9e4c9a9), closes #33722
• iam: support Role.fromLookup() method (#33603) (9e3cbf6), closes #33602
• rds: add support for SQL Server engine versions 15.00.4430.1.v1 and 16.00.4185.3.v1 (#34175) (63f09f1)
• ses: add fromEmailIdentityArn (#33984) (72ee4a7), closes #33981

Bug Fixes

• eks: update aws-node-termination-handler chart version (#34218) (3380742), closes /github.com/aws/aws-cdk/blob/58c2631de585b300cf8573ab423dcc75791cc3d2/packages/aws-cdk-lib/aws-eks/lib/cluster.ts#L1184-L1188

Alpha modules (2.192.0-alpha.0)

Features

• applicationsignals-alpha: introduce Application Signals L2 constructs (#32931) (e7a6e14)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• neptune-alpha: Id attribute is being removed from the
  AWS::Neptune::DBClusterParameterGroup and AWS::Neptune::DBParameterGroup
  resources

⚠ BREAKING CHANGES TO L1 constructs

• cloudformation: Some L1 resources experienced breaking changes due to
  updated CloudFormation resources. Please check the notes for each
  specific module for more information.
• aws-launchwizard: specifications prop moved from required to
  optional in CfnDeployment
• aws-ses: attribute attribute moved from required to optional in
  RuleBooleanToEvaluateProperty

Features

• cloudformation: update L1 CloudFormation resource definitions (#34207) (adfa416)
• update L1 CloudFormation resource definitions (e3483c2)
• codebuild: add additional build images for lambda (#34197) (5a265d1)
• rds: add Aurora MySQL versions 2.12.4, 3.08.2 (#34045) (1dd993e)

Alpha modules (2.191.0-alpha.0)

Features

• location: throw ValidationError instead of untyped errors (#34174) (2ecf14a)
• msk: throw ValidationError instead of untyped errors (#34214) (02cb5a4)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• cloudformation: Some L1 resources experienced breaking changes due to updated CloudFormation resources. Please check the notes for each specific module for more information.
• backup: The ScheduleStatus property has been removed from AWS::Backup::RestoreTestingPlan.
• eks: The DisableSessionTags and TargetRoleArn properties and ExternalId attribute have been removed from AWS::EKS::PodIdentityAssociation.
• neptune: The Id attribute has been removed from AWS::Neptune::DBSubnetGroup.
• rds: The CertificateDetails and Endpoint properties have been removed from AWS::RDS::DBInstance.
• redshiftserverless: The Workgroup.BaseCapacity attribute has been removed from AWS::RedshiftServerless::Workgroup.
• s3-deployment: The automatic JSON escaping behavior introduced in PR #33698 is now opt-in via the new escape parameter in Source.jsonData(). Users who were relying on the automatic JSON escaping for handling special characters in JSON files will need to explicitly enable this behavior by passing { escape: true } as the third parameter.

Features

• apigatewayv2: HttpStage access logging (#33977) (d04e40f), closes #11100
• bedrock: support Amazon Nova Sonic 1.0 (#34134) (9ffa244)
• cloudformation: update L1 CloudFormation resource definitions (#34164) (4c3ed77)
• cloudfront: backfill enum values in cloudfront module (#34075) (d43e829)
• cognito-identitypool: throw ValidationErrors instead of untyped Errors (#34109) (faee209)
• elasticloadbalancingv2: subnet mappings for network load balancer (#33736) (c6905c6), closes #9696
• fsx: throw ValidationErrors instead of untyped Errors (#34120) (271e439), closes #32569
• rds: new DatabaseInstance.fromLookup (#33258) (eb97d2d)
• s3: allow specifying a custom IAM Role for bucket replication (#33978) (615f626), closes #33974
• ses: throw ValidationErrors instead of untyped Errors (#34098) (7147e75)
• stepfunctions: add support for custom WriterConfig fields for ResultWriter in Distributed Map (#33772) and (#33601) (#33831) (78af355)

Bug Fixes

• cloudfront: fix validation for unresolved webAclId tokens (#34102) (f2c5f26), closes #34099
• core: implicit Aspect applications do not override custom Aspect applications (#34132) (9a76fdc)
• core: typo (#34123) (753ed62)
• custom-resources: custom resource config addLogRetentionLifetime parameter typo (#34090) (78be158), closes #34083
• ecs: FluentdLogDriver add async replacing deprecated asyncConnect (#34059) (c993d34), closes #34055
• eks: integ test faild with InvalidParameterException (#33767) (b19eb69), closes /github.com/aws/aws-cdk/pull/33673#issuecomment-2721663660
• s3-deployment: optimize memory usage for large files (#34020) (7d82072), closes #34002 #22661 #33698 #33698 #33698

Reverts

• ecs: add validation checks to memory cpu combinations of FARGATE compatible task definitions (#34155) (c4fd9fd), closes aws/aws-cdk#33608

Alpha modules (2.190.0-alpha.0)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• ec2-alpha: The logical ID for the NAT Gateway, defined using the addNatGateways method, will be changed, resulting in the NAT Gateway being recreated. Additionally, the domain for the Elastic IP (EIP) will be set to vpc, which will also trigger its recreation in the account.

Features

• ec2: enabling features for ipv6 and dualstack support with corresponding unit tests (#33898) (47a65db), closes #3873 #33493 #33493
• ec2: throw ValidationErrors instead of untyped Errors (#34127) (93313dd)
• neptune-alpha: add engine versions up to v1.4.5.0 (#33989) (07f1d0a), closes #33807

Bug Fixes

• ec2-alpha: add multiple NATGW to the VPC using addNatGateway method (#34094) (ccd8de7)
• ec2-alpha: update default config for Subnet's assignIpv6AddressOnCreation (#34116) (dff2798)

Bug Fixes

• core: implicit Aspect applications do not override custom Aspect applications (#34132) (b7f4bc7)

Alpha modules (2.189.1-alpha.0)

Features

• apigatewayv2: dualstack HTTP and WebSocket API (#34054) (eec900e)
• update L1 CloudFormation resource definitions (#34064) (9cb2602)
• bedrock: support Amazon Nova Reel 1.1 (#34070) (3da0c4d)
• support L2 constructs for Amazon S3 Tables (#33599) (2e95252)
• pipelines: add V2 pipeline type support in L3 construct (#34005) (994e952), closes #33995

Bug Fixes

• codepipeline: replace account root principal with pipeline role in trust policy for cross-account actions (under feature flag) (#34074) (2d901f4)
• custom-resources: AwsCustomResource assumed role session name may contain invalid characters (#34016) (32b6b4d), closes #23260 #34011

Alpha modules (2.189.0-alpha.0)

Features

• ec2-alpha: implement mapPublicIpOnLaunch prop in SubnetV2 (#34057) (836c5cf), closes #32159

Bug Fixes

• amplify: unable to re-run integ test due to missing status field in customRule (#33973) (6638c08), closes #33962

Features

• update L1 CloudFormation resource definitions (#33980) (0923b5e)
• update L1 CloudFormation resource definitions (#34029) (be6210f)
• codepipeline: add usePipelineRoleForActions field support in L2 (#33961) (d8bbc1c)
• codepipeline-actions: support ECRBuildAndPublish action (#33375) (c5cd679), closes #33376
• codepipeline-actions: support InspectorEcrImageScanAction and InspectorSourceCodeScanAction actions (#33378) (2dc8cc7), closes #33377
• cognito: v3.0 pre token generation trigger event (#33778) (ea1436f), closes #33733
• events-targets: support ApiGatewayV2 HttpApi (#33864) (91a3076), closes #26649
• kinesisfirehose: support S3 file extension format (#33776) (e314a9a), closes #32154
• logs-destinations: support Amazon Data Firehose logs destination (#33683) (a8edf69), closes #32038 #24766
• pipelines: actions can default to the pipeline service role instead of a newly created role (#33991) (2ebc51e)
• rds: engine lifecycle support (#33902) (c0f8d29), closes #33859

Bug Fixes

• cloudformation-include: parse MinActiveInstancesPercent in AutoScalingRollingUpdate policy (#33852) (89d2d5c), closes #33810 #33810
• cx-api: adding missing readme (#34003) (1c5cbfa), closes #34006 1#L698-L714
• ecr-assets: handle Docker 27.4+ output format in TarballImageAsset (#33967) (009680d), closes #33428
• eks: Only one type of update can be allowed with updateVersion (#33975) (95c06e2), closes #33452
• iam: add validation for OrganizationPrincipal IDs (#33968) (217d75f), closes #32756 #33555 #33773
• lambda: allow retryAttempts = -1 for infinite retries in EventSourceMapping (#34009) (88e04f0), closes #34007
• lambda: deprecate default feature flag @aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy (#34010) (242091a), closes #33688
• pipelines: can't have the same asset display name 3 times (#34017) (1418277), closes #33844 #34004
• stepfunctions-tasks: associateWithParent when using JSONata (#33972) (e839d45), closes #33850
• customer aspect cannot add Tags if a BucketNotifications construct is present (#33979) (2cff67e), closes #33943

Alpha modules (2.188.0-alpha.0)

Features

• ec2: add mailmanager vpc endpoints (#33996) (7ee77d7)
• eks-v2-alpha: add new nodegroup ami type (#34025) (864a7c6)

Bug Fixes

• ec2-alpha: addInternetGW handles shared route table for subnets (#33824) (3154d01), closes #33672

Features

• cx-api: declare support for CDK_TOOLKIT_VERSION env var (#33963) (22dc717)
• update L1 CloudFormation resource definitions (#33954) (7c15988)
• ecr: lookup existing repository (#33662) (5fff3d6), closes #8461
• eks: Nodegroup support nodeRepairConfig (#32626) (b9cb47c), closes #32562
• kinesisfirehose: throw ValidationErrors instead of untyped Errors (#33912) (8b23b5d), closes #32569
• lambda-event-sources: starting position timestamp for kafka (#31439) (5077d8a), closes #31808
• show friendly display names for assets (#33844) (4e958d4)

Bug Fixes

• cognito: fix logging behaviour for user pool client custom resource (#33983) (d02e64a), closes GHSA-qq4x-c6h6-rfxh
• core: asset names for nested stacks contain Tokens (#33966) (85fc87f)
• dynamodb: table v1 retain replica table if table is retain (#33953) (21d0a5c), closes #33952
• eks: looked up vpc causing premature validation errors for private subnets (#33786) (73744b4), closes #22025 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts#L2705

Alpha modules (2.187.0-alpha.0)

Features

• apprunner: throw ValidationError instead of untyped errors (#33914) (38f89af)
• ec2: adding placementGroup to LaunchTemplateProps and LaunchTemplate (#33726) (e5f71db), closes #33721
• ec2: support the new SupportedRegions property for AWS::EC2::VPCEndpointService (#33959) (0c77cb6)
• iot: backfill enum values in iot module (#33969) (2a8a8a3)