v2.188.0

Features

• update L1 CloudFormation resource definitions (#33980) (0923b5e)
• update L1 CloudFormation resource definitions (#34029) (be6210f)
• codepipeline: add usePipelineRoleForActions field support in L2 (#33961) (d8bbc1c)
• codepipeline-actions: support ECRBuildAndPublish action (#33375) (c5cd679), closes #33376
• codepipeline-actions: support InspectorEcrImageScanAction and InspectorSourceCodeScanAction actions (#33378) (2dc8cc7), closes #33377
• cognito: v3.0 pre token generation trigger event (#33778) (ea1436f), closes #33733
• events-targets: support ApiGatewayV2 HttpApi (#33864) (91a3076), closes #26649
• kinesisfirehose: support S3 file extension format (#33776) (e314a9a), closes #32154
• logs-destinations: support Amazon Data Firehose logs destination (#33683) (a8edf69), closes #32038 #24766
• pipelines: actions can default to the pipeline service role instead of a newly created role (#33991) (2ebc51e)
• rds: engine lifecycle support (#33902) (c0f8d29), closes #33859

Bug Fixes

• cloudformation-include: parse MinActiveInstancesPercent in AutoScalingRollingUpdate policy (#33852) (89d2d5c), closes #33810 #33810
• cx-api: adding missing readme (#34003) (1c5cbfa), closes #34006 1#L698-L714
• ecr-assets: handle Docker 27.4+ output format in TarballImageAsset (#33967) (009680d), closes #33428
• eks: Only one type of update can be allowed with updateVersion (#33975) (95c06e2), closes #33452
• iam: add validation for OrganizationPrincipal IDs (#33968) (217d75f), closes #32756 #33555 #33773
• lambda: allow retryAttempts = -1 for infinite retries in EventSourceMapping (#34009) (88e04f0), closes #34007
• lambda: deprecate default feature flag @aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy (#34010) (242091a), closes #33688
• pipelines: can't have the same asset display name 3 times (#34017) (1418277), closes #33844 #34004
• stepfunctions-tasks: associateWithParent when using JSONata (#33972) (e839d45), closes #33850
• customer aspect cannot add Tags if a BucketNotifications construct is present (#33979) (2cff67e), closes #33943

---

Alpha modules (2.188.0-alpha.0)

Features

• ec2: add mailmanager vpc endpoints (#33996) (7ee77d7)
• eks-v2-alpha: add new nodegroup ami type (#34025) (864a7c6)

Bug Fixes

• ec2-alpha: addInternetGW handles shared route table for subnets (#33824) (3154d01), closes #33672

v2.187.0

Features

• cx-api: declare support for CDK_TOOLKIT_VERSION env var (#33963) (22dc717)
• update L1 CloudFormation resource definitions (#33954) (7c15988)
• ecr: lookup existing repository (#33662) (5fff3d6), closes #8461
• eks: Nodegroup support nodeRepairConfig (#32626) (b9cb47c), closes #32562
• kinesisfirehose: throw ValidationErrors instead of untyped Errors (#33912) (8b23b5d), closes #32569
• lambda-event-sources: starting position timestamp for kafka (#31439) (5077d8a), closes #31808
• show friendly display names for assets (#33844) (4e958d4)

Bug Fixes

• cognito: fix logging behaviour for user pool client custom resource (#33983) (d02e64a), closes GHSA-qq4x-c6h6-rfxh
• core: asset names for nested stacks contain Tokens (#33966) (85fc87f)
• dynamodb: table v1 retain replica table if table is retain (#33953) (21d0a5c), closes #33952
• eks: looked up vpc causing premature validation errors for private subnets (#33786) (73744b4), closes #22025 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts#L2705

---

Alpha modules (2.187.0-alpha.0)

Features

• apprunner: throw ValidationError instead of untyped errors (#33914) (38f89af)
• ec2: adding placementGroup to LaunchTemplateProps and LaunchTemplate (#33726) (e5f71db), closes #33721
• ec2: support the new SupportedRegions property for AWS::EC2::VPCEndpointService (#33959) (0c77cb6)
• iot: backfill enum values in iot module (#33969) (2a8a8a3)

v2.186.0

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• redshiftserverless: The CfnWorkgroup.attrWorkgroupMaxCapacity attribute has been removed.
• quicksight: The CfnAnalysis.SheetTextBoxProperty.interactions, CfnDashboard.SheetTextBoxProperty.interactions, and CfnTemplate.SheetTextBoxProperty.interactions properties have been removed.
• imagebuilder: The CfnDistributionConfiguration.DistributionProperty.ssmParameterConfigurations property has been removed.

Features

• codecommit: throw ValidationErrors instead of untyped Errors (#33854) (f28eae2), closes #32569
• codedeploy: throw ValidationErrors instead of untyped Errors (#33853) (b6b91dd), closes #32569
• codepipeline: branches and files support in git push filter L2 construct (#33872) (45623d6)
• codepipeline: stage level condition feature L2 construct (#33809) (8e4374f)
• codepipeline: throw ValidationErrors instead of untyped Errors (#33855) (3ff5501), closes #32569
• cognito-identitypool: graduate to stable 🚀 (#33905) (ba52ac7), closes #27483
• config: throw ValidationErrors instead of untyped Errors (#33869) (5bc9292), closes #32569
• docdb: throw ValidationErrors instead of untyped Errors (#33870) (2dc5d70), closes #32569
• dynamodb: throw ValidationErrors instead of untyped Errors (#33871) (a9bae27), closes #32569
• ecr-assets: throw ValidationErrors instead of untyped Errors (#33899) (0787840)
• efs: throw ValidationErrors instead of untyped Errors (#33885) (6bf8095)
• imagebuilder: update L1 CloudFormation resource definitions (#33909) (8cac7bc), closes #33906
• lambda: add Ruby3.4 Lambda runtime support (#33832) (3154615)
• quicksight: update L1 CloudFormation resource definitions (#33910) (21e21cb), closes #33906
• redshiftserverless: update L1 CloudFormation resource definitions (#33911) (fb9fa74), closes #33906
• update L1 CloudFormation resource definitions (#33906) (b855978)
• scheduler-and-scheduler-targets: graduate to stable 🚀 (#33903) (1740f87), closes #31785
• scheduler-targets: EcsRunTask scheduler target (#33697) (3fe58b5), closes #27456

Bug Fixes

• context provider's ignoreErrorOnMissingContext parameter is misleading (#33875) (b3187b9)
• core: does not generate a valid artifact id from some construct IDs (#33863) (6a5638a), closes #32808
• cx-api: adding missing readme (#33867) (6761f56), closes #33866 1#L662-L681
• events: now EventBus.grantPutEventsTo correctly handles service principals (under feature flag) (#33729) (38d82c4), closes #22080 #22080

---

Alpha modules (2.186.0-alpha.0)

Features

• ec2: backfill missing enums for ec2 (#33821) (ae3fd67), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc.html#cfn-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html#cfn-ec2
• ec2: support PrefixList.fromLookup() (#33619) (b6a15f3), closes aws/aws-cdk#33606 aws/aws-cdk#15115
• ec2: support AWS::EC2::VPCEndpointService SupportedIpAddressTypes property (#33877) (ed5df9c)

Bug Fixes

• eks-v2-alpha: prevent IAM role creation when node pools are empty (#33894) (55bf451), closes #33771

v2.185.0

Features

• s3-deployment: backfill missing enums for s3-deployment (#33819) (2623e00), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html#aws-properties-s3
• update L1 CloudFormation resource definitions (#33800) (fada917)
• ecs: add validation checks to memory cpu combinations of FARGATE compatible task definitions (#33608) (734ca66), closes #22216 /github.com/aws/aws-cdk/issues/31106#issuecomment-2289166090
• ecs: backfill missing enums for ecs (#33644) (28c6a22)
• eks: backfill missing enums for eks (#33646) (f67a88b)
• logs: throw ValidationError instead of untyped Errors (#33753) (1fea9f1)

Bug Fixes

• core: remove whitespaces in tree.json (#33784) (73b9138), closes #27261 #27261
• s3: add validation for lifecycle rule transitions (#33731) (4128ff4), closes #22103 #22103
• s3-deployment: handle properly quoted strings in JSON files (#33698) (bff85e8), closes #22661 #22661
• stepfunctions-tasks: jobQueueArn support JsonPath or JSONata (#33670) (1c09c8b), closes #33580

---

Alpha modules (2.185.0-alpha.0)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• scheduler-targets-alpha: The class KinesisDataFirehosePutRecord has been renamed to FirehosePutRecord.

Bug Fixes

• scheduler-targets-alpha: rename KinesisDataFirehosePutRecord to FirehosePutRecord (#33758) (e6f5bc8), closes #33757 #33798

v2.184.1

Reverts

• iam: fix(iam): adding organization id pattern verification (#33773) (f7ed316), closes aws/aws-cdk#33768

---

Alpha modules (2.184.1-alpha.0)

v2.184.0

Features

• ecr: throw ValidationError instead of untyped Errors (#33750) (242690f)
• lambda: support s3 OFD for Kinesis/DynamoDB (#33739) (3f1fecf)
• rds: allow to specify availability zone for Aurora instances (#33515) (583d5f2), closes #33503 #30618

Bug Fixes

• codepipeline: replace account root principal with current pipeline role in the trust policy under ff: @aws-cdk/pipelines:reduceStageRoleTrustScope (#33742) (a64b01c), closes #33709
• core: message including tokens from annotations cannot output correctly (#33706) (55a3c4c), closes #33707
• events-targets: add LogGroupTargetInput.fromObjectV2() method (#33720) (584a58c)

---

Alpha modules (2.184.0-alpha.0)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• glue-alpha: Updated casing of workflow.addconditionalTrigger to workflow.addConditionalTrigger.

Bug Fixes

• glue-alpha: inconsistent workflow addconditionalTrigger casing (#33752) (4886a3e), closes #33751 #33751

v2.183.0

Features

• bedrock: support DeepSeek R1 (#33727) (3de0818)
• rds: add MySQL enginge versions 5.7.44(patch), 8.0.41 and 8.4.4 (#33732) (d1a8cbe)
• update L1 CloudFormation resource definitions (#33718) (c4fceb2)
• codebuild: throw ValidationError instead of untyped Errors (#33700) (d12854a), closes #32569
• core: RemovalPolicies.of(scope) (#32283) (34c547c)
• logs: add support for fieldIndexPolicies in log group L2 Construct (#33416) (6c882e0), closes #33366
• lambda: backfill missing enums for lambda (#33651) (4227747)
• rds: add new MariaDB engine versions 10.5.28, 10.6.21, 10.11.11, and 11.4.5 (#33665) (7f5bf4e)
• ec2: add VPC interface endpoints for Location Service (#33667) (4bc151b)
• ec2: add VPC interface endpoints for WAFV2 (#33685) (5eb11d2)
• ec2: add VPC interface endpoints for Emr Serverless (#33715) (25619a0)
• ec2: add VPC interface endpoints for Security Lake (#33728) (5fcbe2a)

Bug Fixes

• core: pressing Ctrl-C when content is bundled leaves broken asset (#33692) (00ef50d), closes #33201 #32869 #14474
• custom-resources: fix circular dependency when a custom role provided to Provider (#33600) (77b6fa9), closes #20360
• efs: cannot run an integ test when transitionToArchivePolicy is specified and throughputMode is undefined (#33713) (842201c)
• eks: cluster deployment issue when the authentication mode is not changing (#33680) (ba2dfd1)

---

Alpha modules (2.183.0-alpha.0)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• scheduler-targets-alpha: The InspectorStartAssessmentRun target's constructor now accepts IAssessmentTemplate instead of CfnAssessmentTemplate as its parameter type. To migrate existing code, use the AssessmentTemplate.fromCfnAssessmentTemplate() method to convert your CfnAssessmentTemplate instances to IAssessmentTemplate.

Features

• kinesisanalytics-flink-alpha: backfill missing enums for kinesisanalytics-flink-alpha (#33632) (b55199a)
• kinesisfirehose-destinations-alpha: backfill missing enums for kinesisfirehose-destinations-alpha (#33633) (6ed7a45)

Bug Fixes

• scheduler-alpha: deprecate Group in favour of ScheduleGroup (#33678) (4d8eae9)
• scheduler-targets-alpha: update inspector target to use IAssessmentTemplate instead of CfnAssessmentTemplate (#33682) (50ba3ef)

v2.182.0

Features

• assertions: added getResourceId method to Template (#33521) (a96b0f1)
• autoscaling: add new HealthChecks for multiple health check types, including EBS and VPC_LATTICE types (#31286) (b3edd0d), closes #31289 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts#L233 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts#L2232-L2258 /github.com/aws/aws-cdk/pull/31286#discussion_r1740763781
• ecs: encrypting managed storage (#33535) (07f0fe3), closes #33380
• inspector: add minimal L2 interface for Inspector assessment template and fromCfnAssessmentTemplate() (#33614) (d51f70a)
• opensearchservice: nodeoptions for domain (#32936) (1b6f0c3), closes #32553
• rds: DatabaseCluster support replicationSourceIdentifier (#33471) (878ad54), closes #33280
• update L1 CloudFormation resource definitions (#33676) (92dba49)
• upgrade @aws-cdk/cloud-assembly-schema to v40 (#33620) (127059e)

Bug Fixes

• apigateway: move endpointConfiguration to RestApiBaseProps (#33514) (e07a89c), closes #33295
• appsync: appsync Event API integration assertion tests (#33572) (6f966a6)
• cloudwatch: update regex expression that prevents CloudWatch:Mah:UnknownIdentifier warnings (#33591) (#33592) (97744e7)
• iam: adding organization id pattern verification (#33555) (6df9bfe), closes #32756
• lambda-nodejs: do not require a frozen lockfile for bun (#32908) (a21190e), closes #32906 #32906
• s3: cannot deploy multiple replication source buckets (under feature flag) (#33360) (d580853), closes #33355
• sns: for SSE topics, add KMS permissions in grantPublish (#32794) (f1c0926), closes #18387 #31012 #24848 #16271 #29511 /github.com/aws/aws-cdk/issues/16271#issuecomment-917221985

---

Alpha modules (2.182.0-alpha.0)

Features

• pipes-alpha: support for customer-managed KMS keys to encrypt pipe data (#33546) (dd0d62f), closes #31453

Bug Fixes

• cognito-identitypool-alpha: prevent stacks from not deploying correctly (#33609) (e220bc8), closes #33510
• eks-v2-alpha: can't delete fargate cluster (#33573) (4ada313), closes #33347
• scheduler-targets: update kinesis firehose imports (#33615) (1df1a78)

v2.181.1

---

Alpha modules (2.181.1-alpha.0)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• cognito-identitypool-alpha: Any IdentityPool resources deployed in versions >=2.179.0 will now fail to deploy. You will need to delete the IdentityPoolRoleAttachment from your stack via the console before redeploying.

Bug Fixes

• cognito-identitypool-alpha: prevent stacks from not deploying correctly (#33609) (a1e2afe), closes #33510

v2.181.0

Features

• update L1 CloudFormation resource definitions (#33579) (a6bfe3c)
• rds: scheduling modifications in the next scheduled maintenance window (#33448) (be2c7d0), closes #33447
• stepfunctions: add support for custom CSV delimiters in S3CsvItemReader (#33558) (43ae4fc), closes #33418

Bug Fixes

• cognito: re-adding threat protection capabilities and clarifying feature plans (#33565) (2f9bc41), closes #33393 #32367 #32367 #33393
• core: serviceTimeout for CustomResource does not work with token (#33541) (bc91c70), closes #33513 /github.com/go-to-k/aws-cdk/blob/75e52619cd09f363882ff62561a53cd5cd79ab30/packages/aws-cdk-lib/core/lib/custom-resource.ts#L169 /github.com/go-to-k/aws-cdk/blob/75e52619cd09f363882ff62561a53cd5cd79ab30/packages/aws-cdk-lib/core/lib/duration.ts#L332
• core: cross-stack references to NestedStack list values produces invalid outputs (#32575) (f9252ab), closes #27233
• core: wrong priority for tag aspects (#33460) (0b9ffeb)
• rds: monitoringInterval in DatabaseClusterProps does not work with token (#33516) (f9b28b9), closes #33504
• stepfunctions-tasks: SageMakerCreateTrainingJob add sagemaker:AddTags permission (#32536) (3b07346), closes #32294

---

Alpha modules (2.181.0-alpha.0)

Features

• eks-v2-alpha: eks auto mode support (#33373) (e03d112)
• msk: support for Kafka version 3.8.x and add deprecated labels to legacy versions (#33553) (29623d1)
• redshift-alpha: maintenance track name (#33552) (9ac3084)