
Commit 57e6f9a

Merge branch 'main' into ICapacityProvider-update
2 parents 3871e0b + e3eecad commit 57e6f9a

1,101 files changed

+202069
-331253
lines changed

.github/workflows/integration-test-deployment.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@ concurrency:
2525
jobs:
2626
integration_test_deployment:
2727
runs-on: codebuild-aws-cdk-github-actions-deployment-integ-runner-${{ github.run_id }}-${{ github.run_attempt }}
28+
timeout-minutes: 7200 # Maximum limit for self-hosted runners, job can still be limited by our runner timeout (which is set at 36 hours).
2829
environment: deployment-integ-test # Do not change or remove this without discussing with Appsec
2930
if: contains(github.event.pull_request.labels.*.name, 'pr/needs-integration-tests-deployment')
3031
name: 'Deploy integration test snapshots (requires `pr/needs-integration-tests-deployment` label)'
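
Review bot: at the added `timeout-minutes: 7200` line, the value and its comment do not agree on what actually bounds the job: 7200 minutes is 120 hours, while the comment says the runner timeout is 36 hours (2160 minutes). Since this job runs in the `deployment-integ-test` environment, consider setting `timeout-minutes` to the intended ceiling (2160 or lower) so the workflow file itself shows the limit, or reword the comment to say that the runner's 36 hour timeout is the effective bound and that 7200 is only there so the workflow-level limit is never the one that fires.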

CHANGELOG.v2.alpha.md

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,22 @@
22

33
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
44

5+
## [2.238.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.237.1-alpha.0...v2.238.0-alpha.0) (2026-02-09)
6+
7+
8+
### Features
9+
10+
* **eks-v2-alpha:** add support for bootstrapSelfManagedAddons ([#36740](https://github.com/aws/aws-cdk/issues/36740)) ([1ffe38d](https://github.com/aws/aws-cdk/commit/1ffe38dc950a096cb5e1c1ee20f2c49899dc0a23))
11+
* **eks-v2-alpha:** add support for EKS hybrid nodes ([#36749](https://github.com/aws/aws-cdk/issues/36749)) ([48ace56](https://github.com/aws/aws-cdk/commit/48ace56d82537630fc339cb41962473a97375aea))
12+
13+
14+
### Bug Fixes
15+
16+
* **eks-v2-alpha:** ensure kubectl provider and handler functions use the same vpc configuration ([#36735](https://github.com/aws/aws-cdk/issues/36735)) ([4e02f08](https://github.com/aws/aws-cdk/commit/4e02f0896069105dae83c46f19f1b346a546ad57)), closes [#34878](https://github.com/aws/aws-cdk/issues/34878) [#34877](https://github.com/aws/aws-cdk/issues/34877)
17+
* **ivs-alpha:** add region constraints to integration tests ([#36851](https://github.com/aws/aws-cdk/issues/36851)) ([d55fec4](https://github.com/aws/aws-cdk/commit/d55fec42357410b8263b814b931daf5dccc5c5e3))
18+
* **mixins-preview:** apply mixins in order ([#36847](https://github.com/aws/aws-cdk/issues/36847)) ([726060c](https://github.com/aws/aws-cdk/commit/726060c0ea9f57de4c6e13c1f50c330e4fc2608e))
19+
* **mixins-preview:** apply mixins in order in `MixinApplicator` ([#36877](https://github.com/aws/aws-cdk/issues/36877)) ([09db1c9](https://github.com/aws/aws-cdk/commit/09db1c99710c9f8e91774e767de93fff1a0d2650)), closes [#36847](https://github.com/aws/aws-cdk/issues/36847)
20+
521
## [2.237.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.237.0-alpha.0...v2.237.1-alpha.0) (2026-02-03)
622

723
## [2.237.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.236.0-alpha.0...v2.237.0-alpha.0) (2026-02-02)
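
Review bot: the two `mixins-preview` entries under Bug Fixes (#36847 and #36877) read as the same fix, and the second one lists #36847 as the issue it closes even though #36847 is linked as the change itself one line above. If #36877 is a follow-up to an incomplete first fix, say so in its entry; otherwise a reader of the release notes cannot tell which of the two changes to look at.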

CHANGELOG.v2.md

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,42 @@
22

33
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
44

5+
## [2.238.0](https://github.com/aws/aws-cdk/compare/v2.237.1...v2.238.0) (2026-02-09)
6+
7+
8+
### ⚠ BREAKING CHANGES
9+
10+
* **bedrock-agentcore:** Interface extensions require new property implementations
11+
* **aws-bedrock-agentcore-alpha:**
12+
* - IGateway now requires gatewayRef getter
13+
* - IGatewayTarget now requires gatewayTargetRef getter
14+
* - IMemory now requires memoryRef getter
15+
* - IBedrockAgentRuntime now requires runtimeRef getter
16+
* - IRuntimeEndpoint now requires runtimeEndpointRef getter
17+
* - IBrowserCustom now requires browserCustomRef getter
18+
* - ICodeInterpreterCustom now requires codeInterpreterCustomRef getter
19+
20+
### Features
21+
22+
* update L1 CloudFormation resource definitions ([#36834](https://github.com/aws/aws-cdk/issues/36834)) ([5143fdf](https://github.com/aws/aws-cdk/commit/5143fdfb57024ced8d9a2988216c78690f6121b0))
23+
* **core:** allow indentation suppression in nested stacks ([#35122](https://github.com/aws/aws-cdk/issues/35122)) ([d629b15](https://github.com/aws/aws-cdk/commit/d629b15954bd313876de2df055265e27569af5a4)), closes [#32798](https://github.com/aws/aws-cdk/issues/32798) [/github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/core/lib/stack.ts#L207](https://github.com/aws//github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/core/lib/stack.ts/issues/L207) [/github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/core/lib/stack.ts#L207](https://github.com/aws//github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/core/lib/stack.ts/issues/L207) [/github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/core/lib/nested-stack.ts#L25C18-L25C34](https://github.com/aws//github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/core/lib/nested-stack.ts/issues/L25C18-L25C34)
24+
* **ec2:** support Firehose `IDeliveryStreamRef` as flow log destination ([#36278](https://github.com/aws/aws-cdk/issues/36278)) ([cd73498](https://github.com/aws/aws-cdk/commit/cd73498af34fcc150c1290c5bd1f21c272239802)), closes [#33883](https://github.com/aws/aws-cdk/issues/33883) [#34596](https://github.com/aws/aws-cdk/issues/34596) [#33757](https://github.com/aws/aws-cdk/issues/33757)
25+
* **eks:** add removal policy for all constructs ([#35835](https://github.com/aws/aws-cdk/issues/35835)) ([875d9b8](https://github.com/aws/aws-cdk/commit/875d9b8f7dc4e3e1a5187b89303de3645485e3cf))
26+
* **eks:** add support for EC2, HYBRID_LINUX, and HYPERPOD_LINUX access entry types ([#36350](https://github.com/aws/aws-cdk/issues/36350)) ([cc059c6](https://github.com/aws/aws-cdk/commit/cc059c6dcfe12240057f5fc58bd076083fd77acd)), closes [#34394](https://github.com/aws/aws-cdk/issues/34394)
27+
* **glue:** typed partition projection ([#35660](https://github.com/aws/aws-cdk/issues/35660)) ([cb1658f](https://github.com/aws/aws-cdk/commit/cb1658f42522ad9abaec4de6ce0c0d43292e73a1)), closes [#35428](https://github.com/aws/aws-cdk/issues/35428)
28+
29+
30+
### Bug Fixes
31+
32+
* **core:** intrinsic cfn function tokens are not detected as such in java ([#36843](https://github.com/aws/aws-cdk/issues/36843)) ([3f29f11](https://github.com/aws/aws-cdk/commit/3f29f11d942b3f005732f17c3f606d081b8ba0d7))
33+
* **events:** restore `Match.anyOf` support for raw strings ([#36908](https://github.com/aws/aws-cdk/issues/36908)) ([6804c7c](https://github.com/aws/aws-cdk/commit/6804c7c75c7e67f1c61dac4aea43af5fa54969e2)), closes [#36902](https://github.com/aws/aws-cdk/issues/36902) [#36602](https://github.com/aws/aws-cdk/issues/36602) [#36602](https://github.com/aws/aws-cdk/issues/36602)
34+
* **iam:** undeprecate openIdConnectProviderArn and openIdConnectProviderIssuer in IOidcProvider ([#36859](https://github.com/aws/aws-cdk/issues/36859)) ([cbf0b03](https://github.com/aws/aws-cdk/commit/cbf0b03d58559574752b3ebe80e9cb596e0ef6b0))
35+
36+
37+
### Miscellaneous Chores
38+
39+
* **bedrock-agentcore:** reference interface ([#36803](https://github.com/aws/aws-cdk/issues/36803)) ([87f1087](https://github.com/aws/aws-cdk/commit/87f1087060e7c15616500e31de6a0603c37b8843))
40+
541
## [2.237.1](https://github.com/aws/aws-cdk/compare/v2.237.0...v2.237.1) (2026-02-03)
642

743
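
Review bot: in the BREAKING CHANGES block, the `**aws-bedrock-agentcore-alpha:**` entry is empty and the seven items after it render as `* - IGateway now requires gatewayRef getter` and so on, with a double list marker and no scope, so the per-interface requirements are detached from the module they belong to. Nest them under one scoped entry. Separately, the `core` feature entry for #35122 carries three `closes` links whose targets have the form `https://github.com/aws//github.com/aws/aws-cdk/blob/...`; these are source file references mangled into issue links and should be dropped from the entry.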

allowed-breaking-changes.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,9 @@ change-return-type:@aws-cdk/cloud-assembly-schema.Manifest.load
88
# of the `properties` field is already unreliable for exhaustive checking.
99
weakened:aws-cdk-lib.cloud_assembly_schema.ArtifactManifest
1010

11+
# Manifest class became abstract in cloud-assembly-schema v50+
12+
made-abstract:aws-cdk-lib.cloud_assembly_schema.Manifest
13+
1114
# Adding any new context queries will add to the ContextQueryProperties type,
1215
# which changes the signature of MissingContext.
1316
weakened:@aws-cdk/cloud-assembly-schema.MissingContext
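
Review bot: the new `made-abstract:aws-cdk-lib.cloud_assembly_schema.Manifest` entry only covers the `aws-cdk-lib` name, while the neighbouring entries in this file also list the same schema types under `@aws-cdk/cloud-assembly-schema` (for example `weakened:@aws-cdk/cloud-assembly-schema.MissingContext`). Check whether the compatibility check also reports `Manifest` under that name and needs a matching line, and consider naming the pull request or schema version bump in the comment so the exemption can be traced.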

docs/DESIGN_GUIDELINES.md

Lines changed: 51 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1340,6 +1340,47 @@ export abstract class TopicBase extends Resource implements ITopic, IEncryptedRe
13401340
}
13411341
```
13421342

1343+
#### Traits
1344+
1345+
To enable grant methods to work with L1 constructs, the CDK uses factory interfaces that wrap L1 resources into objects
1346+
exposing higher-level interfaces:
1347+
1348+
- `IResourcePolicyFactory` wraps an L1 into an object implementing `IResourceWithPolicyV2`, enabling resource policy
1349+
manipulation.
1350+
- `IEncryptedResourceFactory` wraps an L1 into an object implementing `IEncryptedResource`, enabling KMS key grants.
1351+
1352+
`IResourceWithPolicyV2` and `IEncryptedResource` are collectively called "traits". For now, these are the only two
1353+
traits we have, but we might add more in the future if we find other common patterns in L1 resources that can be
1354+
abstracted through this mechanism.
1355+
1356+
The CDK provides default implementations for common L1 resources, but it's also possible to register custom factories
1357+
for any CloudFormation resource type:
1358+
1359+
```ts nofixture
1360+
import { CfnResource } from 'aws-cdk-lib';
1361+
import { IResourcePolicyFactory, IResourceWithPolicyV2, PolicyStatement, ResourceWithPolicies } from 'aws-cdk-lib/aws-iam';
1362+
import { Construct, IConstruct } from 'constructs';
1363+
1364+
declare const scope: Construct;
1365+
class MyFactory implements IResourcePolicyFactory {
1366+
forResource(resource: CfnResource): IResourceWithPolicyV2 {
1367+
return {
1368+
env: resource.env,
1369+
addToResourcePolicy(statement: PolicyStatement) {
1370+
// custom implementation to add the statement to the resource policy
1371+
return { statementAdded: true, policyDependable: resource };
1372+
}
1373+
}
1374+
}
1375+
}
1376+
1377+
// After this, every time the Grants class encounters a CfnResource of type 'AWS::Some::Type',
1378+
// it will be able to use MyFactory to attempt to add statements to its resource policy.
1379+
ResourceWithPolicies.register(scope, 'AWS::Some::Type', new MyFactory());
1380+
```
1381+
1382+
#### Auto-generation and manual implementation
1383+
13431384
The `TopicGrants` class, and many others, are generated automatically from the `grants.json`
13441385
file present at the root of each individual module (`packages/aws-sns` for SNS constructs and
13451386
so on). The `grants.json` file has the following general structure:
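
Review bot: in the `MyFactory` example, `addToResourcePolicy` returns `statementAdded: true` without adding anything, with only a placeholder comment in the body. A factory copied from this text would report every grant as applied while the resource policy stays unchanged, so the example should either show the statement being appended to the L1's policy document or say that `statementAdded` must reflect whether the statement was really added. Two smaller points: `IConstruct` is imported but unused, and the text does not say what the `scope` argument of `ResourceWithPolicies.register` bounds, which matters because a registration changes how grants behave for every `CfnResource` of that type.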
@@ -1375,10 +1416,16 @@ where:
13751416
* `docSummary` - the public documentation for the method.
13761417
* `arnFormat` - In some cases, the policy applies to a specific ARN patterns, rather than just the ARN of the resource.
13771418

1378-
In some cases, however, it might not be possible to specify the grant details using the `grants.json`
1379-
file. This is usually the case when grants require additional logic, such as checking whether the
1380-
resource is owned or unowned, or when the grant needs to modify the resource policy of the resource
1381-
(if it has one). In these cases, you can implement the grants class manually.
1419+
Code generated from the `grants.json` file will have a very basic logic: it will try to add the given statement to the
1420+
principal's policy. If `hasResourcePolicy` is true, it will also attempt to add the statement to the resource policy.
1421+
This will only work if the resource implements the `iam.IResourceWithPolicyV2` interface or -- in case of L1s -- if
1422+
there is a `IResourcePolicyFactory` registered for its type (see previous section). If `keyActions` are specified in the
1423+
JSON file, it will also attempt to grant the specified permissions on the associated KMS key, if the resource implements
1424+
the `iam.IEncryptedResource` interface (or, similarly to resource policies, if there is a `IEncryptedResourceFactory`
1425+
registered for it).
1426+
1427+
If your permission use case requires additional logic, such as combining multiple `Grant` instances or handling
1428+
additional parameters, you will need to implement the Grants class manually.
13821429

13831430
Historically, grant methods were implemented directly on the resource construct interface (e.g.
13841431
`sns.ITopic.grantPublish(principal)`). For backward compatibility reasons, these methods are still
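
Review bot: the added sentence "This will only work if the resource implements the `iam.IResourceWithPolicyV2` interface ..." does not say what happens in the other case. State whether the generated grant fails at synthesis or skips the resource policy (and the `keyActions` grant on the KMS key) silently, because a silent skip leaves the reader with a principal policy only and no indication that part of the permission is missing. The removed paragraph also named the owned or unowned resource check as a reason for a manual implementation; the replacement mentions only combining `Grant` instances and additional parameters, so say whether generated code now covers that case. Minor: "a `IResourcePolicyFactory`" and "a `IEncryptedResourceFactory`" should read "an".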

package.json

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -23,17 +23,17 @@
2323
"@types/prettier": "2.6.0",
2424
"@yarnpkg/lockfile": "^1.1.0",
2525
"aws-sdk-js-codemod": "^2.4.5",
26-
"cdk-generate-synthetic-examples": "^0.2.40",
26+
"cdk-generate-synthetic-examples": "^0.2.42",
2727
"conventional-changelog-cli": "^2.2.2",
2828
"fs-extra": "^9.1.0",
2929
"graceful-fs": "^4.2.11",
3030
"jest-junit": "^13.2.0",
31-
"jsii-diff": "1.125.0",
31+
"jsii-diff": "1.126.0",
3232
"jsii-pacmak": "1.126.0",
33-
"jsii-reflect": "1.125.0",
33+
"jsii-reflect": "1.126.0",
3434
"lerna": "^8.2.4",
3535
"nx": "^20",
36-
"semver": "^7.7.3",
36+
"semver": "^7.7.4",
3737
"standard-version": "^9.5.0",
3838
"ts-jest": "^29.4.6",
3939
"ts-node": "^10.9.2",

packages/@aws-cdk-testing/framework-integ/package.json

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -30,13 +30,13 @@
3030
"license": "Apache-2.0",
3131
"devDependencies": {
3232
"@aws-cdk/cdk-build-tools": "0.0.0",
33-
"@aws-cdk/integ-runner": "^2.193.5",
33+
"@aws-cdk/integ-runner": "^2.195.0",
3434
"@aws-cdk/pkglint": "0.0.0",
3535
"@aws-sdk/client-acm": "3.632.0",
3636
"@aws-sdk/client-rds": "3.632.0",
3737
"@aws-sdk/client-s3": "3.632.0",
3838
"@aws-sdk/client-cognito-identity-provider": "3.632.0",
39-
"axios": "^1.13.2",
39+
"axios": "^1.13.5",
4040
"delay": "5.0.0"
4141
},
4242
"dependencies": {
@@ -50,7 +50,7 @@
5050
"@aws-cdk/lambda-layer-kubectl-v34": "^2.0.0",
5151
"@aws-cdk/region-info": "0.0.0",
5252
"aws-cdk-lib": "0.0.0",
53-
"cdk8s": "2.70.43",
53+
"cdk8s": "2.70.47",
5454
"cdk8s-plus-27": "2.9.5",
5555
"constructs": "^10.0.0"
5656
},
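
Review bot: `cdk8s` at line 53 moves between exact pins (`2.70.43` to `2.70.47`), but `axios` and `@aws-cdk/integ-runner` earlier in this file move as caret ranges (`^1.13.5`, `^2.195.0`), so for those two the version that actually gets installed is decided by the lockfile rather than by this diff. Confirm the lockfile is updated in the same commit and resolves to the versions intended here; it is not shown in this view.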

packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-bucket-logging.js.snapshot/aws-cdk-cloudfront-custom.assets.json

Lines changed: 5 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-bucket-logging.js.snapshot/aws-cdk-cloudfront-custom.template.json

Lines changed: 16 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,15 @@
22
"Resources": {
33
"Bucket83908E77": {
44
"Type": "AWS::S3::Bucket",
5+
"Properties": {
6+
"OwnershipControls": {
7+
"Rules": [
8+
{
9+
"ObjectOwnership": "BucketOwnerPreferred"
10+
}
11+
]
12+
}
13+
},
514
"UpdateReplacePolicy": "Delete",
615
"DeletionPolicy": "Delete"
716
},
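
Review bot: `Bucket83908E77` gains `ObjectOwnership: BucketOwnerPreferred`, which leaves ACLs enabled on the bucket. That setting is needed on a bucket that receives CloudFront standard logs, so confirm this bucket is a log destination in the test; the hunk does not show what refers to it, and a bucket that is not a log target would be better left with ACLs disabled.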
@@ -73,21 +82,19 @@
7382
}
7483
}
7584
},
76-
"AnAmazingWebsiteProbably2LoggingBucket222F7CE9": {
85+
"LoggingBucket2CD4C98D8": {
7786
"Type": "AWS::S3::Bucket",
7887
"Properties": {
79-
"BucketEncryption": {
80-
"ServerSideEncryptionConfiguration": [
88+
"OwnershipControls": {
89+
"Rules": [
8190
{
82-
"ServerSideEncryptionByDefault": {
83-
"SSEAlgorithm": "AES256"
84-
}
91+
"ObjectOwnership": "BucketOwnerPreferred"
8592
}
8693
]
8794
}
8895
},
89-
"UpdateReplacePolicy": "Retain",
90-
"DeletionPolicy": "Retain"
96+
"UpdateReplacePolicy": "Delete",
97+
"DeletionPolicy": "Delete"
9198
},
9299
"AnAmazingWebsiteProbably2CFDistribution7C1CCD12": {
93100
"Type": "AWS::CloudFront::Distribution",
@@ -119,7 +126,7 @@
119126
"Logging": {
120127
"Bucket": {
121128
"Fn::GetAtt": [
122-
"AnAmazingWebsiteProbably2LoggingBucket222F7CE9",
129+
"LoggingBucket2CD4C98D8",
123130
"RegionalDomainName"
124131
]
125132
},
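
Review bot: in the logging bucket resource (renamed from `AnAmazingWebsiteProbably2LoggingBucket222F7CE9` to `LoggingBucket2CD4C98D8`, with the `Logging` reference updated to match), the explicit `BucketEncryption` block with `SSEAlgorithm: AES256` is removed and `UpdateReplacePolicy` and `DeletionPolicy` change from `Retain` to `Delete`. The new logical ID suggests the test now passes in its own bucket instead of letting the distribution create one; if so, say that in the test or pull request description, and confirm that the defaults for a logging bucket created by the distribution (encryption declared in the template, logs retained on stack deletion) are still covered by another snapshot. If instead the construct's defaults changed, that is a behaviour change for access logs and needs a changelog entry.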

packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-bucket-logging.js.snapshot/cdk.out

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
