Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(route53): vpc region in template overridden by stack region #20530

Merged
merged 160 commits into from
Sep 7, 2022
Merged

fix(route53): vpc region in template overridden by stack region #20530

merged 160 commits into from
Sep 7, 2022

Commits on May 27, 2022

  1. 🩹 Respect vpc region when set

    @daschaa
    daschaa committed May 27, 2022
    Configuration menu
    Copy the full SHA
    ac4f9e2 View commit details
    Browse the repository at this point in the history

Commits on Jun 2, 2022

  1. Merge branch 'main' into hostedzone-vpc-region

    @daschaa
    daschaa authored Jun 2, 2022
    Configuration menu
    Copy the full SHA
    532ad40 View commit details
    Browse the repository at this point in the history

Commits on Jul 9, 2022

  1. chore: replace master with main wherever possible (aws#20590) 

    * chore: replace master with main wherever possible

* update amplify tests

* fix iconurl

* monocdk main

Co-authored-by: Kendra Neil <53584728+TheRealAmazonKendra@users.noreply.github.com>
    @kaizencc @TheRealAmazonKendra @daschaa
    2 people authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    db7aeba View commit details
    Browse the repository at this point in the history

  2. docs(glue): refresh links for aws glue documentation (aws#20577) 

    Fixes aws#20546

Refreshes the links in the AWS Glue docs pointing to the Apache Hive website (for more information see the issue aws#20546 )

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @daschaa
    daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    eb6d6b0 View commit details
    Browse the repository at this point in the history

  3. chore: update the contributing guide for post v1 maintenance mode (aw… 

    …s#20581)

Now that v1 is in maintenance mode, we need some updates to the contributing guide. 

The biggest change to the developer workflow now that v1 is in maintenance mode, is that the main development branch, `main`, has the v2 source code. This does not have many practical impacts on developer workflow, because in most cases we will continue to just iterate on a single service module in its `packages/@aws-cdk/aws-<service>` directory.

This PR adds instructions for building and testing `aws-cdk-lib` and the individual `-alpha` packages, which developers might need to do occasionally. 

closes https://github.com/cdklabs/cdk-ops/issues/1933 

closes aws#20041 


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @madeline-k @daschaa
    madeline-k authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    11e2398 View commit details
    Browse the repository at this point in the history

  4. feat(cfnspec): cloudformation spec v73.1.0 (backport aws#20587) (aws#… 

    …20592)

This is an automatic backport of pull request aws#20587 done by [Mergify](https://mergify.com).


---


<details>
<summary>Mergify commands and options</summary>

<br />

More conditions and actions can be found in the [documentation](https://docs.mergify.com/).

You can also trigger Mergify actions by commenting on this pull request:

- `@Mergifyio refresh` will re-evaluate the rules
- `@Mergifyio rebase` will rebase this PR on its base branch
- `@Mergifyio update` will merge the base branch into this PR
- `@Mergifyio backport <destination>` will backport this PR on `<destination>` branch

Additionally, on Mergify [dashboard](https://dashboard.mergify.com/) you can:

- look at your merge queues
- generate the Mergify configuration with the config editor.

Finally, you can contact us on https://mergify.com
</details>
    @mergify @daschaa
    mergify[bot] authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    6b2be86 View commit details
    Browse the repository at this point in the history

  5. chore(release): 2.27.0

    @daschaa
    AWS CDK Team authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    4aaf8c8 View commit details
    Browse the repository at this point in the history

  6. feat(cfnspec): cloudformation spec v75.0.0 (aws#20605)

    @aws-cdk-automation @daschaa
    aws-cdk-automation authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    49614ac View commit details
    Browse the repository at this point in the history

  7. fix(core): property overrides sometimes don't work with intrinsics (a… 

    …ws#20608)

When you add a property override, we merge it with any properties set
when the construct is initialized. The merge happens _after_ tokens are
resolved. For example, if we created a resource:

```ts
const resource = new CfnResource(this, 'Resource', {
  type: 'MyResourceType',
  properties: {
    prop1: Fn.ref('Param'),
  },
});
```

And the added an override for `prop1`:

```ts
resource.addPropertyOverride('prop1', Fn.ref('OtherParam'));
```

We would then perform a deep merge on the properties with a priority on
the overrides. The above example would work fine, eventually the merge
would get to the point where it was comparing two objects:

```
target = { prop1: { Ref: 'Param' } }
source = { prop1: { Ref: 'OtherParam' } }
result = { prop1: { Ref: 'OtherParam' } }
```

If we instead added an override using a different intrinsic:

```ts
resource.addPropertyOverride('prop1', Fn.join('-', ['hello',
Fn.ref('Param')]));
```

Then we would get to the point in the merge where we were comparing two
different objects:

```
target = { prop1: { Ref: 'Param' } }
source = { prop1: { 'Fn::Join': ['-', ['hello', { Ref: 'Param' } ]] } }
result = { prop1: {
  Ref: 'Param',
  'Fn::Join': ['-', ['hello', { Ref: 'Param' } ]] },
}}
```

This PR solves this issue by filtering out any CloudFormation
intrinsics. If the merge finds an intrinsic key in the target it "drops" the
intrinsic and takes whatever value is in the source (override).

fix aws#19971, aws#19447


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @corymhall @daschaa
    corymhall authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    fcf34cc View commit details
    Browse the repository at this point in the history

  8. feat(lambda): Migrate away from NODEJS_10_X and NODEJS_12_X to NODEJS… 

    …_14_X (aws#20595)

Spiritual successor of aws#20531

<img width="487" alt="Screen Shot 2022-06-01 at 9 08 18 PM" src="https://user-images.githubusercontent.com/31543/171552028-7153063a-1c19-4972-ab89-6f280a4e9326.png">

- Migrated away (tests, docs, internal use) from NODEJS_10_X to NODEJS_14_X
- Migrated away (tests, docs, internal use) from NODEJS_12_X to NODEJS_14_X
- Added NODEJS_16_X to CustomResources
- Update CustomResources to use nodejs14.x by default
- Updated integration tests across the board. Some integ tests introduced destructive changes (expected with change of nodejs runtime)

Closes aws#20568
Closes aws#19992
Closes aws#20474

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @robertd @daschaa
    robertd authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    48fd66f View commit details
    Browse the repository at this point in the history

  9. feat(codebuild): adds report group type property (aws#20178) 

    fixes aws#14279.
Introduces optional property to the ReportGroup to define the type of the report group (either 'TEST' or 'CODE_COVERAGE'). It just passes down the property to the underlying CfnReportGroup.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [x] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @daschaa
    daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    569ab2e View commit details
    Browse the repository at this point in the history

  10. chore(deps): Bump awscli from 1.25.1 to 1.25.2 in /packages/@aws-cdk/… 

    …lambda-layer-awscli (aws#20629)

Bumps [awscli](https://github.com/aws/aws-cli) from 1.25.1 to 1.25.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/aws/aws-cli/blob/develop/CHANGELOG.rst">awscli's changelog</a>.</em></p>
<blockquote>
<h1>1.25.2</h1>
<ul>
<li>api-change:<code>connect</code>: This release adds the following features: 1) New APIs to manage (create, list, update) task template resources, 2) Updates to startTaskContact API to support task templates, and 3) new TransferContact API to programmatically transfer in-progress tasks via a contact flow.</li>
<li>api-change:<code>proton</code>: Add new &quot;Components&quot; API to enable users to Create, Delete and Update AWS Proton components.</li>
<li>api-change:<code>codeartifact</code>: Documentation updates for CodeArtifact</li>
<li>api-change:<code>application-insights</code>: Provide Account Level onboarding support through CFN/CLI</li>
<li>api-change:<code>kendra</code>: Amazon Kendra now provides a data source connector for GitHub. For more information, see <a href="https://docs.aws.amazon.com/kendra/latest/dg/data-source-github.html">https://docs.aws.amazon.com/kendra/latest/dg/data-source-github.html</a></li>
<li>api-change:<code>voice-id</code>: Added a new attribute ServerSideEncryptionUpdateDetails to Domain and DomainSummary.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/aws/aws-cli/commit/e25332ebfec94ca597ba0705ce815b197f78e2c8"><code>e25332e</code></a> Merge branch 'release-1.25.2'</li>
<li><a href="https://github.com/aws/aws-cli/commit/71fa2b7b96d3234928c00727f1b2c8469915c7e9"><code>71fa2b7</code></a> Bumping version to 1.25.2</li>
<li><a href="https://github.com/aws/aws-cli/commit/3c98094fbaf1ffd909441bf034acba3610795618"><code>3c98094</code></a> Update changelog based on model updates</li>
<li><a href="https://github.com/aws/aws-cli/commit/dc7c26849d3f518229716fef8a211aad793a73c6"><code>dc7c268</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/aws/aws-cli/issues/6045">#6045</a> from pawanakhil/feature/cloudsearch/define-index-fie...</li>
<li><a href="https://github.com/aws/aws-cli/commit/ccbe2a477671585dcb62f75d1b99cfbdc4ac8747"><code>ccbe2a4</code></a> Updated test with Source field field option</li>
<li><a href="https://github.com/aws/aws-cli/commit/e69993188e111fa3c9c5551657a67dbaeaaa2990"><code>e699931</code></a> Added source field option for CloudSearch define-index-field</li>
<li><a href="https://github.com/aws/aws-cli/commit/c71d1dfccb5f340d8a117929b428f4b092cad934"><code>c71d1df</code></a> Merge branch 'release-1.25.1' into develop</li>
<li>See full diff in <a href="https://github.com/aws/aws-cli/compare/1.25.1...1.25.2">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=awscli&package-manager=pip&previous-version=1.25.1&new-version=1.25.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
    @dependabot @daschaa
    dependabot[bot] authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    ad52f6f View commit details
    Browse the repository at this point in the history

  11. feat(aws-ec2): control over VPC AZs (aws#20562) 

    With this change, the `Vpc` construct gains a new constructor prop,
`availabilityZones`, which gives more control over AZs than the existing
`maxAzs` prop.

closes aws#5847


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @philipmw @daschaa
    philipmw authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    3d3feed View commit details
    Browse the repository at this point in the history

  12. chore(servicediscovery): rename docs/test props (aws#20639) 

    It was noticed that 'covfefe' is a potentially charged word. This is a
straightforward PR to rename instances of 'covfefe' to something less
politically adjacent.

Please see comment here: https://twitter.com/bryson3gps/status/1533880885015093248

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @kellertk @daschaa
    kellertk authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    b85ec4e View commit details
    Browse the repository at this point in the history

  13. fix(lambda): deprecate Python3.6 (aws#19988) (aws#20647) 

    Move all automatic Custom Resources to the newest Python version, update
integ tests, add a note to the Lambda Runtime that it shouldn't be used
anymore.

Change all Python3.6 -> Python 3.9.

Fixes aws#20085.
    @RomainMuller @daschaa
    RomainMuller authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    ce42413 View commit details
    Browse the repository at this point in the history

  14. docs(lambda): close code block in addAlias, restore addEnvironment do… 

    …cs (aws#20637)

This fixes aws#20623, by closing the previously-unclosed code block in `Function.addAlias`. This should restore the `Function.addEnvironment` documentation.

See aws/jsii#3576 for a general approach to eliminating/mitigating other instances of unclosed code blocks.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) (N/A)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? (N/A)
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? (N/A)

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @huonw @daschaa
    huonw authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    34a7af3 View commit details
    Browse the repository at this point in the history

  15. chore(aws-cdk): fix inaccurate hint text (aws#20640) 

    Helper text is inaccurate.

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [n/a] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [n/a] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [n/a] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

I confirm
    @aubelscirclein @daschaa
    aubelscirclein authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    9298006 View commit details
    Browse the repository at this point in the history

  16. feat(core): allow specifying Docker build targets (aws#20654) 

    Add support for passing `--target [...]` to docker build.
    @indrora @daschaa
    indrora authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    d220e99 View commit details
    Browse the repository at this point in the history

  17. chore(aws-rds): add Aurora MySQL 3.01.1 3.02.0 (aws#20632) 

    https://docs.aws.amazon.com/AmazonRDS/latest/AuroraMySQLReleaseNotes/AuroraMySQL.Updates.3011.html

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraMySQLReleaseNotes/AuroraMySQL.Updates.3020.html


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @hacker65536 @daschaa
    hacker65536 authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    3ccd7f0 View commit details
    Browse the repository at this point in the history

  18. chore: clarify .Net core versions in contributing guide (aws#20612) 

    I spent some time installing .Net Core 3.1.x on my Mac and struggling with
unsigned binaries before I discovered that the latest version works.


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @philipmw @daschaa
    philipmw authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    3b1b0d9 View commit details
    Browse the repository at this point in the history

  19. chore(core): remove excess whitespace (aws#20664) 

    This was getting on my nerves. The whitespace comes from migrating our testing suite to jest -- some of our automated migration scripts must have neglected to remove the excess new lines. Added a few new lines for formatting fidelity as well, which is what accounts for the + file diff.

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @kaizencc @daschaa
    kaizencc authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    b4a2e22 View commit details
    Browse the repository at this point in the history

  20. chore(cx-api): add missing documentation for feature flag (aws#20671) 

    ----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @kaizencc @daschaa
    kaizencc authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    27f5e6e View commit details
    Browse the repository at this point in the history

  21. chore: npm-check-updates && yarn upgrade (aws#20401) 

    Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
    @aws-cdk-automation @daschaa
    aws-cdk-automation authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    31a0820 View commit details
    Browse the repository at this point in the history

  22. chore: fix THIRD_PARTY_LICENSES (aws#20687) 

    ----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @RomainMuller @daschaa
    RomainMuller authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    bc87e37 View commit details
    Browse the repository at this point in the history

  23. fix(iam): conditions in FederatedPrincipal should be optional (aws#20621 

    )

Fixes aws#11139

This PR makes conditions in `FederatedPrincipal` optional.

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @cecheta @daschaa
    cecheta authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    d79b58c View commit details
    Browse the repository at this point in the history

  24. fix(servicecatalog): ProductStackHistory does not accept nested direc… 

    …tories (aws#20688)

This small PR will allow users to use nested directories in the ProductStackHistory feature. 
Fixes aws#20658 

----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @wanjacki @daschaa
    wanjacki authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    9bdf5df View commit details
    Browse the repository at this point in the history

  25. docs(rds): Fix storage allocation units (aws#20692) 

    The upstream documentation
<https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-allocatedstorage>
uses "gigabytes" in one place and "GiB" everywhere else, including the
dashboard. Presumably "gibibytes" was meant, so the CDK documentation
should reflect that.

Closes aws#20676.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)
   * Yes, except [linting didn't work](aws#20693).

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @l0b0 @daschaa
    l0b0 authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    00c24e9 View commit details
    Browse the repository at this point in the history

  26. chore(region-info): Register iso facts (aws#20699) 

    Addition of region facts to facts table

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @maafk @daschaa
    maafk authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    9dced6f View commit details
    Browse the repository at this point in the history

  27. chore(deps): Bump awscli from 1.25.2 to 1.25.7 in /packages/@aws-cdk/… 

    …lambda-layer-awscli (aws#20714)

Bumps [awscli](https://github.com/aws/aws-cli) from 1.25.2 to 1.25.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/aws/aws-cli/blob/develop/CHANGELOG.rst">awscli's changelog</a>.</em></p>
<blockquote>
<h1>1.25.7</h1>
<ul>
<li>api-change:<code>frauddetector</code>: Documentation updates for Amazon Fraud Detector (AWSHawksNest)</li>
</ul>
<h1>1.25.6</h1>
<ul>
<li>api-change:<code>chime-sdk-meetings</code>: Adds support for live transcription in AWS GovCloud (US) Regions.</li>
</ul>
<h1>1.25.5</h1>
<ul>
<li>api-change:<code>dms</code>: This release adds DMS Fleet Advisor APIs and exposes functionality for DMS Fleet Advisor. It adds functionality to create and modify fleet advisor instances, and to collect and analyze information about the local data infrastructure.</li>
<li>api-change:<code>iam</code>: Documentation updates for AWS Identity and Access Management (IAM).</li>
<li>api-change:<code>m2</code>: AWS Mainframe Modernization service is a managed mainframe service and set of tools for planning, migrating, modernizing, and running mainframe workloads on AWS</li>
<li>api-change:<code>neptune</code>: This release adds support for Neptune to be configured as a global database, with a primary DB cluster in one region, and up to five secondary DB clusters in other regions.</li>
<li>api-change:<code>redshift-serverless</code>: Add new API operations for Amazon Redshift Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned clusters. The new operations let you interact with Redshift Serverless resources, such as create snapshots, list VPC endpoints, delete resource policies, and more.</li>
<li>api-change:<code>redshift</code>: Adds new API GetClusterCredentialsWithIAM to return temporary credentials.</li>
</ul>
<h1>1.25.4</h1>
<ul>
<li>api-change:<code>auditmanager</code>: This release introduces 2 updates to the Audit Manager API. The roleType and roleArn attributes are now required when you use the CreateAssessment or UpdateAssessment operation. We also added a throttling exception to the RegisterAccount API operation.</li>
<li>api-change:<code>ce</code>: Added two new APIs to support cost allocation tags operations: ListCostAllocationTags, UpdateCostAllocationTagsStatus.</li>
</ul>
<h1>1.25.3</h1>
<ul>
<li>api-change:<code>chime-sdk-messaging</code>: This release adds support for searching channels by members via the SearchChannels API, removes required restrictions for Name and Mode in UpdateChannel API and enhances CreateChannel API by exposing member and moderator list as well as channel id as optional parameters.</li>
<li>api-change:<code>connect</code>: This release adds a new API, GetCurrentUserData, which returns real-time details about users' current activity.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/aws/aws-cli/commit/a2b8346a29c095a0b975c985e703bc1945960693"><code>a2b8346</code></a> Merge branch 'release-1.25.7'</li>
<li><a href="https://github.com/aws/aws-cli/commit/6605eaf09affdc6a778955d257e191112559c610"><code>6605eaf</code></a> Bumping version to 1.25.7</li>
<li><a href="https://github.com/aws/aws-cli/commit/140058e0366c8d531a23d2b232c3ae2b92f942cf"><code>140058e</code></a> Update changelog based on model updates</li>
<li><a href="https://github.com/aws/aws-cli/commit/365e91d1bc5378f4d86cbad2c69b1e49102cef67"><code>365e91d</code></a> Update helptext.py to remove visible markup tags (<a href="https://github-redirect.dependabot.com/aws/aws-cli/issues/7023">#7023</a>)</li>
<li><a href="https://github.com/aws/aws-cli/commit/f20639434835f063feac18a494bd81081f39f901"><code>f206394</code></a> Merge branch 'release-1.25.6'</li>
<li><a href="https://github.com/aws/aws-cli/commit/3d6ba46eddb094a2eae74895fc814e4a2572b19a"><code>3d6ba46</code></a> Merge branch 'release-1.25.6' into develop</li>
<li><a href="https://github.com/aws/aws-cli/commit/87376e9537085b9284e4da06baade66211490641"><code>87376e9</code></a> Bumping version to 1.25.6</li>
<li><a href="https://github.com/aws/aws-cli/commit/8a71ffd01fd2efeb785c298a7b9b274c969c78ce"><code>8a71ffd</code></a> Update changelog based on model updates</li>
<li><a href="https://github.com/aws/aws-cli/commit/1bc364bae46fd34c0326f160faf220802c6e834e"><code>1bc364b</code></a> Merge branch 'release-1.25.5'</li>
<li><a href="https://github.com/aws/aws-cli/commit/4134e06e02dcc2ffa66a40be59dba96833733ef0"><code>4134e06</code></a> Merge branch 'release-1.25.5' into develop</li>
<li>Additional commits viewable in <a href="https://github.com/aws/aws-cli/compare/1.25.2...1.25.7">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=awscli&package-manager=pip&previous-version=1.25.2&new-version=1.25.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
    @dependabot @daschaa
    dependabot[bot] authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    893e6f4 View commit details
    Browse the repository at this point in the history

  28. Add Textract support to AWS VpcEndpoint services (aws#20604) 

    This change adds support for textract and textract fips to the predefined list of AWS Vpc endpoint services.
See aws#20586


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @J11522 @daschaa
    J11522 authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    acdadfa View commit details
    Browse the repository at this point in the history

  29. chore: remove construct-import-order eslint rule (aws#20674) 

    ----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @madeline-k @daschaa
    madeline-k authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    793689f View commit details
    Browse the repository at this point in the history

  30. docs(secretsmanager): Updates example in secretsmanager code (aws#20672) 

    Fixes aws#20122 
Implements proposed example code mentioned in the issue.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @daschaa
    daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    8534468 View commit details
    Browse the repository at this point in the history

  31. feat(opensearchservice): When a Domain has enforceHttps true, set the… 

    … connections defaultPort (aws#20602)

For an Opensearch domain, if enforceHttps is enabled, set the defaultPort for the connections object of the domain, as we know it communicates over 443 in this scenario.

I also took the liberty of correcting a test title while I was in the code, I hope it's okay coupling that fix with this change.

closes aws#16251

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

It doesn't seem that an integration test is a good fit here, as this simply changes/simplifies how you'll create a connection to a Domain. I'm happy to be corrected however and will add one if asked.

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @SamStephens @daschaa
    SamStephens authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    8e38b0e View commit details
    Browse the repository at this point in the history

  32. fix(appsync): Create Lambda permission when using Lambda Authorizer(#… ( 

    aws#20641)

This PR will fix aws#20234

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @cm-iwata @daschaa
    cm-iwata authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    54d3d4e View commit details
    Browse the repository at this point in the history

  33. fix(eks): add clusterLogging props to Fargate Cluster (aws#20707) 

    Fixes aws#19302
----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @ranjith-jagadeesh @daschaa
    ranjith-jagadeesh authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    2c113a7 View commit details
    Browse the repository at this point in the history

  34. fix(core): RemovalPolicy.SNAPSHOT can be added to resources that do n… 

    …ot support it (aws#20668)

fixes aws#20653, which was reported for opensearch domains, but also fixes this issue for all other resources that allowed this removal policy but did not actually support it.

previously, the behavior was a successful synth and deploy, and cloudformation ignores the snapshot removal policy if it is not supported by the resource. because of this, i believe that i have to add this fix behind a feature flag to avoid breaking customers.

without the feature flag, the best we can do is add a warning to the stack notifying customers that the snapshot policy is useless.

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @kaizencc @daschaa
    kaizencc authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    d1c42c5 View commit details
    Browse the repository at this point in the history

  35. feat(ec2): allow the use of graviton3 processors (aws#20541) 

    feat: allow the use of graviton3, 7th generation processors

fixes: aws#20482

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @gergnz @daschaa
    gergnz authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    c40c93b View commit details
    Browse the repository at this point in the history

  36. chore(aws-rds): add doc references (aws#20720) 

    Adds docs to clarify the semantics of rotations. 

Closes aws#20704

----

### All Submissions:

* [x] Have you followed the guidelines in our 
[Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @ahammond @daschaa
    ahammond authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    c3fd2cd View commit details
    Browse the repository at this point in the history

  37. chore(core): IConstruct is passed to Names.uniqueId instead of Constr… 

    …uct (aws#20584) (aws#20696)

This updates `Names.uniqueId()` to accept an `IConstruct` instead of `Construct`.

Closes aws#20584

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @schabe77 @daschaa
    schabe77 authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    b9564d5 View commit details
    Browse the repository at this point in the history

  38. fix(integ-runner): don't allow new legacy tests (aws#20614) 

    All new integration tests that are created should use the new
`IntegTest` construct in the
[@aws-cdk/integ-tests](https://github.com/aws/aws-cdk/tree/main/packages/%40aws-cdk/integ-tests)
module.

We will eventually be migrating all of our tests to the new construct
and removing the "legacy" mode, so this PR will fail any new test that
is added that doesn't use the `IntegTest` construct.

I've also renamed some of the `test-data` files so that they will not be
picked up by the `integ-runner` if you execute it on the entire repo.


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @corymhall @daschaa
    corymhall authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    e28b64f View commit details
    Browse the repository at this point in the history

  39. feat(ecs-patterns): add ecs exec support (aws#18663) 

    Fixes aws#15769, aws#15197
Supersedes aws#15497 by implementing the change for all patterns.
This PR implements support for ECS Exec in all ecs-patterns services.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @LukvonStrom @daschaa
    LukvonStrom authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    a3b46a9 View commit details
    Browse the repository at this point in the history

  40. feat(cloudwatch): add addWidget method in widget container classes (a… 

    …ws#18615)

This pull request add a new `addWidget` method to the `Row` and `Column` classes that implement the `IWidget` interface by accepting other widgets as parameters (widget containers).
This is useful to programmatically add a widget to a container also after the container's construction.

Closes aws#18466 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @flavioleggio @daschaa
    flavioleggio authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    90352c8 View commit details
    Browse the repository at this point in the history

  41. feat(ecs): add external network modes to ExternalTaskDefinition and T… 

    …askDefinition (aws#17762)

Adds support for Host and None network modes when creating Task Definitions with External compatibility.

See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-anywhere.html  

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @beezly @daschaa
    beezly authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    29e026c View commit details
    Browse the repository at this point in the history

  42. fix(events): eventSourceName does not accept tokens (aws#20719) 

    Addresses aws#20718 

Adds a check to see if the value is a token before running the validation regex on `eventSourceName`.

Simple fix following a similar fix in aws#10772

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @keetonian @daschaa
    keetonian authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    5b77e27 View commit details
    Browse the repository at this point in the history

  43. chore(release): 2.28.0

    @daschaa
    AWS CDK Team authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    85d3e17 View commit details
    Browse the repository at this point in the history

  44. fix(init-templates): unable to initialize typescript templates (aws#2… 

    …0752)

fix aws#20751

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @yamatatsu @daschaa
    yamatatsu authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    9be9b99 View commit details
    Browse the repository at this point in the history

  45. chore(release): 2.28.1

    @iliapolo @daschaa
    iliapolo authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    c5382b6 View commit details
    Browse the repository at this point in the history

  46. fix header

    @iliapolo @daschaa
    iliapolo authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    c698a05 View commit details
    Browse the repository at this point in the history

  47. one more header

    @iliapolo @daschaa
    iliapolo authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    0b985ce View commit details
    Browse the repository at this point in the history

  48. feat(lambda): inline function code can exceed 4096 bytes (aws#20624) 

    CloudFormation removed the 4k charcaters limit for inline function code.

Latest public documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-zipfile

Historic documentation: https://web.archive.org/web/20220309033724/https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-zipfile

Internal Code Review reference: CR-53662636


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @seyeong @daschaa
    seyeong authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    bba5383 View commit details
    Browse the repository at this point in the history

  49. feat(events-targets): Add DLQ support for SNS target (aws#20062) 

    Add DLQ support for SNS target.

Closes aws#19741.

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [X] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [X] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @jumic @daschaa
    jumic authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    2749269 View commit details
    Browse the repository at this point in the history

  50. docs(synthetics): update inline code limitation (aws#20740) 

    Fixing comment. The actual limit is 5MB according to [CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-synthetics-canary-code.html#cfn-synthetics-canary-code-script). There's no tests verifying the limit.

Related to aws#20624

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)


*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @s12v @daschaa
    s12v authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    830e67c View commit details
    Browse the repository at this point in the history

  51. fix(core): CfnMapping values cannot be used in other stacks (aws#20616) 

    Creating a `CfnMapping` in one stack and then using `findInMap()` in another stack will result in an error at deploy time because the `findInMap()` will turn into a `Fn::FindInMap` that searches for a mapping that does not exist. This change copies the mapping to any stack that references it, even if it is not defined.

Closes aws#18920.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @comcalvi @daschaa
    comcalvi authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    893b2b9 View commit details
    Browse the repository at this point in the history

  52. fix(codepipeline): cannot deploy pipeline stack with crossAccountKeys… 

    … twice (under feature flag) (aws#20745)

When multiple copies of the same pipeline are deployed in separate stacks, the alias name for the KMS key is the same, causing the deployment to fail. This change fixes that using the stack name instead of the stack ID to create a stack safe uniqueId for the alias name. This fix is behind the following feature flag:

    @aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName

Fixes issue aws#18828.

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @TheRealAmazonKendra @daschaa
    TheRealAmazonKendra authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    d098106 View commit details
    Browse the repository at this point in the history

  53. fix(iam): add defaultPolicyName to prevent policies overwriting eac… 

    …h other in multi-stack deployments (aws#20705)

This adds a prop, `defaultPolicyName`, that can be specified for imported roles. If the same role is imported in at least two stacks, and both of them create grant permissions to that role, the permissions granted in whichever stack was deployed last will overwrite the permissions granted by all others. Specifying this option allows users to specify different policy names across different stacks, which will prevent this overwrite issue.

Closes aws#16074.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @comcalvi @daschaa
    comcalvi authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    a8ea8bb View commit details
    Browse the repository at this point in the history

  54. feat(pipelines): add support for caching to codebuild steps (aws#20533) 

    Fixes aws#16375

Closes aws#19084

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @Hi-Fi @daschaa
    Hi-Fi authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    855a9f3 View commit details
    Browse the repository at this point in the history

  55. fix(autoscaling): osType is wrong when using CloudformationInit with … 

    …launchTemplate (aws#20759)

Fix aws#20304

Like aws#20454 but add a test

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @BDeus @daschaa
    BDeus authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    a01e5ce View commit details
    Browse the repository at this point in the history

  56. docs(lambda): Fixed consecutive "when" (aws#20761) 

    ----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @WinterYukky @daschaa
    WinterYukky authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    ca66b48 View commit details
    Browse the repository at this point in the history

  57. fix(iam): duplicate PolicyStatements lead to too many overflow polici… 

    …es (aws#20767)

Historically, policy statement deduplicating was done during policy
rendering.  There could be a 100 statements in a policy, but if they
were all the same it would only render as 1 statement.

When we introduced policy splitting, those 100 equal statements would
*first* be divided into Overflow policies before being deduplicated
(potentially leading to too many policies being created, hitting limits).

Especially CDK Pipelines takes heavy advantage of the deduplicating
behavior, and adds the same policies over and over again, leading
to overflows.

When the `minimizePolicies` feature flag is turned on, duplicate
elimitation is implicitly performed (because equal statements
count as mergeable), but when the feature flag is off we
hit the bad behavior.

As a fix, do deduplication even if merging is turned off.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    7489af4 View commit details
    Browse the repository at this point in the history

  58. feat(secretsmanager): exclude characters for hosted rotation (aws#20768) 

    By default, use the exclude characters of the secret if available or
the same default exclude characters as the ones used in `@aws-cdk/aws-rds`.

A subsequent PR should replace the secret rotation implementation in
`@aws-cdk/aws-rds` with a hosted rotation now that exclude chars are
supported.


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @jogold @daschaa
    jogold authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    67541d2 View commit details
    Browse the repository at this point in the history

  59. feat(route53): replace existing record sets (aws#20416) 

    Add a `deleteExisting` prop to `RecordSet` to delete an existing record
set before deploying the new one. This is useful if you want to minimize
downtime and avoid "manual" actions while deploying a stack with a
record set that already exists. This is typically the case for record
sets that are not already "owned" by CloudFormation or "owned" by
another stack or construct that is going to be deleted (migration).


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @jogold @daschaa
    jogold authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    c31a25a View commit details
    Browse the repository at this point in the history

  60. fix(route53): improve fromHostedZoneId error message (aws#20755) 

    fixes aws#8406 

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @peterwoodworth @daschaa
    peterwoodworth authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    85925a3 View commit details
    Browse the repository at this point in the history

  61. fix(core): Durations in the expected unit are not tested for integer-… 

    …ness (aws#20742)

----
Converting from a type to itself would not check the integral flag and simply return the current duration amount rather than throwing an error if the amount converted to was fractional.

Commands such as `toSeconds()` or `toMinutes()` had the same behavior since they leverage `convert()`.

`Duration.minutes(0.5).toMinutes();` previously would not throw an error, but `Duration.seconds(30).toMinutes();` would. 
`Duration.minutes(0.5).toMinutes();` will now throw an error while `Duration.minutes(0.5).toMinutes({ integral: false});` will not.

fix(@aws-cdk/aws-events/schedule.ts): `rate()` now correctly catches if a duration is defined in fractions of a minute. The root cause was the use of `Duration.toMinutes()` in `rate()`. Now all rates defined with durations must be in whole minutes.

docs: this limitation on rates is highlighted more clearly in the documentation for aws-events/schedule.ts and aws-events/rule.ts. 

This closes aws#17814.

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @scanlonp @daschaa
    scanlonp authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    cfe282d View commit details
    Browse the repository at this point in the history

  62. feat(servicediscovery): add hostedzoneid as attribute to namespace (a… 

    …ws#20583)

related to aws#20510 

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @peterwoodworth @daschaa
    peterwoodworth authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    6618525 View commit details
    Browse the repository at this point in the history

  63. fix(events-targets): cloudwatch logs requires specific input template ( 

    …aws#20748)

The CloudWatch logs log group target requires a very specific input
template. It does not support `input` or `inputPath` and if
`inputTemplate` is specified it must be in the format of

`{"timestamp": <time>, "message": <message>}`

where both the values for `timestamp` and `message` are strings.

This requirement is not very well documented, the only reference I could
find is in a `Note` on this
[page](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_PutTargets.html).

This PR adds a new property `logEvent` and deprecates the `event`
property to ensure that if the user adds an event input that it uses the
correct format. While working on this PR is started by adding some
validation if the user provides the `event` property and then went down
the route of providing the new `logEvent` property. Since I already did
the work of creating the validation for `event` I've kept it, but I'm
open to just removing that logic since it is validating a `deprecated`
property.

I've also added an integration test that asserts that the expected
message is written to the log group.

fixes aws#19451


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @corymhall @daschaa
    corymhall authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    17b4b56 View commit details
    Browse the repository at this point in the history

  64. feat(aws-eks): allow the use of graviton3 processors (aws#20543) 

    feat: allow the use of graviton3, 7th generation processors

fixes: aws#20482

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @gergnz @daschaa
    gergnz authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    04f33ba View commit details
    Browse the repository at this point in the history

  65. Update yarn-upgrade.yml (aws#20791) 

    In aws#19893, we added init-templates `package.json` files to our automatic upgrades mechanism. The packages `jest` and `ts-jest` were (not sure why...), added to the rejection list, i.e they specifically will not be upgraded; However, `@types/jest` was not added to this list, thereby creating a potential major version mismatch between them. 

This is exactly what happened here: aws#20751

This PR rejects upgrades to `@types/jest` as well, to keep them in sync.

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @iliapolo @daschaa
    iliapolo authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    fdaf60e View commit details
    Browse the repository at this point in the history

  66. feat(apigateway): Add LambdaIntegrationOptions to LambdaRestApi (aws#… 

    …17065)

This adds an `integrationOptions` field to the `LambdaRestApiProps` and ensures that `proxy` cannot be set differently from the base `proxy` flag (but discourages setting it at all). This will allow setting the `cacheKeyParameters`, `allowTestInvoke`, and `vpcLink` configuration fields without having to fall back to using a regular `RestApi`.

Some of this is inspired by aws#12004 and its review comments, which was closed earlier this year due to inactivity.

Resolves: aws#3269

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @laurelmay @daschaa
    laurelmay authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    df3b136 View commit details
    Browse the repository at this point in the history

  67. feat(cfnspec): cloudformation spec v76.0.0 (aws#20726)

    @aws-cdk-automation @daschaa
    aws-cdk-automation authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    bbf29ef View commit details
    Browse the repository at this point in the history

  68. chore(release): 2.29.0

    @daschaa
    AWS CDK Team authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    be21eb7 View commit details
    Browse the repository at this point in the history

  69. fix(pipelines): 'ConfirmPermissionsBroadening' uses wrong node version ( 

    aws#20861)

The CodeBuild Project that is used when the `ConfirmPermissionsBroadening`
feature is enabled does not have a CodeBuild image specified. This
makes it use the `standard:2.0` image by default, which is AL2-based
and comes with Node 12. CDK tooling now requires Node 14 to run.

Make it use the `standard:5.0` image like all other CodeBuild projects,
which contains Node 14.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    b8b9978 View commit details
    Browse the repository at this point in the history

  70. chore(release): 2.29.1

    @MrArnoldPalmer @daschaa
    MrArnoldPalmer authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    e291eef View commit details
    Browse the repository at this point in the history

  71. chore(deps): Bump awscli from 1.25.7 to 1.25.12 in /packages/@aws-cdk… 

    …/lambda-layer-awscli (aws#20797)

Bumps [awscli](https://github.com/aws/aws-cli) from 1.25.7 to 1.25.12.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/aws/aws-cli/blob/develop/CHANGELOG.rst">awscli's changelog</a>.</em></p>
<blockquote>
<h1>1.25.12</h1>
<ul>
<li>api-change:<code>connect</code>: This release updates these APIs: UpdateInstanceAttribute, DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically enable/disable High volume outbound communications using attribute type HIGH_VOLUME_OUTBOUND on the specified Amazon Connect instance.</li>
<li>api-change:<code>connectcampaigns</code>: Added Amazon Connect high volume outbound communications SDK.</li>
<li>api-change:<code>dynamodb</code>: Doc only update for DynamoDB service</li>
<li>api-change:<code>dynamodbstreams</code>: Update dynamodbstreams command to latest version</li>
</ul>
<h1>1.25.11</h1>
<ul>
<li>api-change:<code>redshift-data</code>: This release adds a new --workgroup-name field to operations that connect to an endpoint. Customers can now execute queries against their serverless workgroups.</li>
<li>api-change:<code>redshiftserverless</code>: Add new API operations for Amazon Redshift Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned clusters. The new operations let you interact with Redshift Serverless resources, such as create snapshots, list VPC endpoints, delete resource policies, and more.</li>
<li>api-change:<code>secretsmanager</code>: Documentation updates for Secrets Manager</li>
<li>api-change:<code>securityhub</code>: Added Threats field for security findings. Added new resource details for ECS Container, ECS Task, RDS SecurityGroup, Kinesis Stream, EC2 TransitGateway, EFS AccessPoint, CloudFormation Stack, CloudWatch Alarm, VPC Peering Connection and WAF Rules</li>
</ul>
<h1>1.25.10</h1>
<ul>
<li>api-change:<code>finspace-data</code>: This release adds a new set of APIs, GetPermissionGroup, DisassociateUserFromPermissionGroup, AssociateUserToPermissionGroup, ListPermissionGroupsByUser, ListUsersByPermissionGroup.</li>
<li>api-change:<code>guardduty</code>: Adds finding fields available from GuardDuty Console. Adds FreeTrial related operations. Deprecates the use of various APIs related to Master Accounts and Replace them with Administrator Accounts.</li>
<li>api-change:<code>servicecatalog-appregistry</code>: This release adds a new API ListAttributeGroupsForApplication that returns associated attribute groups of an application. In addition, the UpdateApplication and UpdateAttributeGroup APIs will not allow users to update the 'Name' attribute.</li>
<li>api-change:<code>workspaces</code>: Added new field &quot;reason&quot; to OperationNotSupportedException. Receiving this exception in the DeregisterWorkspaceDirectory API will now return a reason giving more context on the failure.</li>
</ul>
<h1>1.25.9</h1>
<ul>
<li>api-change:<code>budgets</code>: Add a budgets ThrottlingException. Update the CostFilters value pattern.</li>
<li>api-change:<code>lookoutmetrics</code>: Adding filters to Alert and adding new UpdateAlert API.</li>
<li>api-change:<code>mediaconvert</code>: AWS Elemental MediaConvert SDK has added support for rules that constrain Automatic-ABR rendition selection when generating ABR package ladders.</li>
</ul>
<h1>1.25.8</h1>
<ul>
<li>api-change:<code>outposts</code>: This release adds API operations AWS uses to install Outpost servers.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/aws/aws-cli/commit/eca5ac5e9c9668013b5a4d4e4836e6ad5b33134e"><code>eca5ac5</code></a> Merge branch 'release-1.25.12'</li>
<li><a href="https://github.com/aws/aws-cli/commit/4515f4a5d2011b85eb8e6bd294c3fa7e6c59b6b6"><code>4515f4a</code></a> Bumping version to 1.25.12</li>
<li><a href="https://github.com/aws/aws-cli/commit/3b762db808e575444a63af975c46c46aaf8dd01f"><code>3b762db</code></a> Update changelog based on model updates</li>
<li><a href="https://github.com/aws/aws-cli/commit/6821ce207830039083cab0890bc49791a9d2e725"><code>6821ce2</code></a> Merge branch 'release-1.25.11'</li>
<li><a href="https://github.com/aws/aws-cli/commit/1bbb86c5ce203aed1991ce3f6b44b963145b738f"><code>1bbb86c</code></a> Merge branch 'release-1.25.11' into develop</li>
<li><a href="https://github.com/aws/aws-cli/commit/dd83f0a3535b0945692f7d313a50428d729fc256"><code>dd83f0a</code></a> Bumping version to 1.25.11</li>
<li><a href="https://github.com/aws/aws-cli/commit/3cd4868d9d4fcd8c200b75cf12f593dd7ef6af4a"><code>3cd4868</code></a> Update changelog based on model updates</li>
<li><a href="https://github.com/aws/aws-cli/commit/bd7e5083fea071aa79f1f1c1f4f680fa1c240119"><code>bd7e508</code></a> Merge branch 'release-1.25.10'</li>
<li><a href="https://github.com/aws/aws-cli/commit/5d337fcbe7a9f202ceb3067ca929a5a675fb7522"><code>5d337fc</code></a> Merge branch 'release-1.25.10' into develop</li>
<li><a href="https://github.com/aws/aws-cli/commit/b0ff60a308285a5f37bccd3842fa5285b83f8f57"><code>b0ff60a</code></a> Bumping version to 1.25.10</li>
<li>Additional commits viewable in <a href="https://github.com/aws/aws-cli/compare/1.25.7...1.25.12">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=awscli&package-manager=pip&previous-version=1.25.7&new-version=1.25.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
    @dependabot @daschaa
    dependabot[bot] authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    33c2da1 View commit details
    Browse the repository at this point in the history

  72. fix(eks): revert shell=True and allow public ecr to work (aws#20724) 

    This fixes the change made by the following PR. aws#19778

`shell=True` caused regression observed in the following issue: [20402](aws#20402)

The code should now allow Public and Private AWS ECR repositories to work with oci prefix.

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? No

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @harshadbhatia @daschaa
    harshadbhatia authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    60e5ff6 View commit details
    Browse the repository at this point in the history

  73. chore(deps): Bump awscli from 1.25.12 to 1.25.17 in /packages/@aws-cd… 

    …k/lambda-layer-awscli (aws#20883)

Bumps [awscli](https://github.com/aws/aws-cli) from 1.25.12 to 1.25.17.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/aws/aws-cli/blob/develop/CHANGELOG.rst">awscli's changelog</a>.</em></p>
<blockquote>
<h1>1.25.17</h1>
<ul>
<li>api-change:<code>glue</code>: This release enables the new ListCrawls API for viewing the AWS Glue Crawler run history.</li>
<li>api-change:<code>rds-data</code>: Documentation updates for RDS Data API</li>
</ul>
<h1>1.25.16</h1>
<ul>
<li>api-change:<code>lookoutequipment</code>: This release adds visualizations to the scheduled inference results. Users will be able to see interference results, including diagnostic results from their running inference schedulers.</li>
<li>api-change:<code>mediaconvert</code>: AWS Elemental MediaConvert SDK has released support for automatic DolbyVision metadata generation when converting HDR10 to DolbyVision.</li>
<li>api-change:<code>mgn</code>: New and modified APIs for the Post-Migration Framework</li>
<li>api-change:<code>migration-hub-refactor-spaces</code>: This release adds the new API UpdateRoute that allows route to be updated to ACTIVE/INACTIVE state. In addition, CreateRoute API will now allow users to create route in ACTIVE/INACTIVE state.</li>
<li>api-change:<code>sagemaker</code>: SageMaker Ground Truth now supports Virtual Private Cloud. Customers can launch labeling jobs and access to their private workforce in VPC mode.</li>
</ul>
<h1>1.25.15</h1>
<ul>
<li>api-change:<code>apigateway</code>: Documentation updates for Amazon API Gateway</li>
<li>api-change:<code>pricing</code>: This release introduces 1 update to the GetProducts API. The serviceCode attribute is now required when you use the GetProductsRequest.</li>
<li>api-change:<code>transfer</code>: Until today, the service supported only RSA host keys and user keys. Now with this launch, Transfer Family has expanded the support for ECDSA and ED25519 host keys and user keys, enabling customers to support a broader set of clients by choosing RSA, ECDSA, and ED25519 host and user keys.</li>
</ul>
<h1>1.25.14</h1>
<ul>
<li>api-change:<code>ec2</code>: This release adds support for Private IP VPNs, a new feature allowing S2S VPN connections to use private ip addresses as the tunnel outside ip address over Direct Connect as transport.</li>
<li>api-change:<code>ecs</code>: Amazon ECS UpdateService now supports the following parameters: PlacementStrategies, PlacementConstraints and CapacityProviderStrategy.</li>
<li>api-change:<code>wellarchitected</code>: Adds support for lens tagging, Adds support for multiple helpful-resource urls and multiple improvement-plan urls.</li>
</ul>
<h1>1.25.13</h1>
<ul>
<li>api-change:<code>ds</code>: This release adds support for describing and updating AWS Managed Microsoft AD settings</li>
<li>api-change:<code>kafka</code>: Documentation updates to use Az Id during cluster creation.</li>
<li>api-change:<code>outposts</code>: This release adds the AssetLocation structure to the ListAssets response. AssetLocation includes the RackElevation for an Asset.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/aws/aws-cli/commit/88d873eeb595cf0a5e8d12952a16dcc0dfdbafbf"><code>88d873e</code></a> Merge branch 'release-1.25.17'</li>
<li><a href="https://github.com/aws/aws-cli/commit/b0022d99f447225c62ea687248bca93f9c01bee5"><code>b0022d9</code></a> Bumping version to 1.25.17</li>
<li><a href="https://github.com/aws/aws-cli/commit/09a4452be2b3b6cdff467b2dc07863a81e90c7ac"><code>09a4452</code></a> Update changelog based on model updates</li>
<li><a href="https://github.com/aws/aws-cli/commit/724f7d59ebc213e35dca882b92ad18fa03a67eb4"><code>724f7d5</code></a> Merge branch 'release-1.25.16'</li>
<li><a href="https://github.com/aws/aws-cli/commit/d9c81468081b3164d609a52dee237da4c162af54"><code>d9c8146</code></a> Merge branch 'release-1.25.16' into develop</li>
<li><a href="https://github.com/aws/aws-cli/commit/3f653b6e948b92a64aaea801f70e8669c7e17602"><code>3f653b6</code></a> Bumping version to 1.25.16</li>
<li><a href="https://github.com/aws/aws-cli/commit/c6c64cc1ecb32eb174761a3088d723a329b66d36"><code>c6c64cc</code></a> Update changelog based on model updates</li>
<li><a href="https://github.com/aws/aws-cli/commit/ddbb3ae12538d9c388c630d96ae28e8108ae4146"><code>ddbb3ae</code></a> Merge branch 'release-1.25.15'</li>
<li><a href="https://github.com/aws/aws-cli/commit/c83eb8b2b57973e37906bd13dbcde8aad23d607b"><code>c83eb8b</code></a> Merge branch 'release-1.25.15' into develop</li>
<li><a href="https://github.com/aws/aws-cli/commit/c67c649242e42963939c00b2cbcd0868724b0dd7"><code>c67c649</code></a> Bumping version to 1.25.15</li>
<li>Additional commits viewable in <a href="https://github.com/aws/aws-cli/compare/1.25.12...1.25.17">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=awscli&package-manager=pip&previous-version=1.25.12&new-version=1.25.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
    @dependabot @daschaa
    dependabot[bot] authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    2c689a3 View commit details
    Browse the repository at this point in the history

  74. fix(apigateway): Explicitly test for undefined instead of falsey for … 

    …stage default options (aws#20868)

Fixes aws#20860

Default options for throttling burst and rate limits could be interpreted incorrectly as undefined if they were set to zero. 

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @flemjame-at-amazon @daschaa
    flemjame-at-amazon authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    4c2f1fc View commit details
    Browse the repository at this point in the history

  75. feat(rds): add missing aurora postgres versions (aws#20830) 

    Add new Postgres versions which are already available in AWS. 

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @wilhen01 @daschaa
    wilhen01 authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    ab6b95f View commit details
    Browse the repository at this point in the history

  76. feat(appmesh): ipv6 support for app mesh (aws#20766) 

    App Mesh has released IPv6 support. This has been exposed in the form of IP preferences which have been added to the Mesh and Virtual Node resources. IP preferences are optional for both resources and there is no default IP preference that is applied by App Mesh.

The following are samples of App Mesh resources with IP preferences configured.
```
# Mesh
"spec": {
    "serviceDiscovery": {
        "ipPreference": "IPv6_PREFERRED"
    }
}
```

```
# Virtual Node
"spec": {
    "listeners": [
        {
            "healthCheck": {
                "healthyThreshold": 2,
                "intervalMillis": 5000,
                "path": "/ping",
                "protocol": "http",
                "timeoutMillis": 2000,
                "unhealthyThreshold": 2
            },
            "portMapping": {
                "port": 9080,
                "protocol": "http"
            }
        }
    ],
    "serviceDiscovery": {
        "dns": {
            "hostname": "colorteller-red.default.svc.cluster.local",
            "ipPreference": "IPv4_ONLY"
        }
    }
}
```

IP preferences on a Mesh apply the preference to all Virtual Nodes contained within that Mesh. IP preferences set on a Virtual Node will only apply to that particular Virtual Node. Additionally, Virtual Node IP preferences will override the Mesh IP preference if there is one present.

There are three areas in which the IP preference impacts how Envoy configuration generation. Firstly, setting any IP preference will change the Envoy's listeners (ingress and egress) to bind to IPv4 and IPv6 allowing the Envoy to serve all traffic from both IP versions. Secondly, the IP version specified in the name of the preference will be the IP version used for sending traffic to the local application for Envoys running as a sidecar to an application. (IPv4_ONLY/PREFERRED - IPv4, IPv6_ONLY/PREFERRED - IPv6) Lastly, it will impact how each service discovery option will be treated. For CloudMap service discovery, ONLY options will only return IPs from CloudMap for the matching version type and PREFERRED options will first used the primary IP version first and fall back to the other IP version for the IPs returned from CloudMap. For DNS service discovery, it will be similar to CloudMap service discovery in terms of only using one IP version or fall back behavior. However, this will come in the form of changing the Envoy's DNS resolver to exhibit this behavior when performing DNS resolution.

This is a summarized version of the feature. For more details, a more thorough write up can be found here: https://github.com/aws/aws-app-mesh-examples/tree/main/walkthroughs/howto-ipv6#ip-preferences-in-meshes-and-virtual-nodes

Closes aws#20737


### All Submissions:

* [Y] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [N] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [Y] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [Y] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @AKBarcenas @daschaa
    AKBarcenas authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    44741e4 View commit details
    Browse the repository at this point in the history

  77. chore: advertise construct hub on the readme (aws#20844) 

    ----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @kaizencc @daschaa
    kaizencc authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    2500604 View commit details
    Browse the repository at this point in the history

  78. feat(lambda): grant function permissions to an AWS organization (aws#… 

    …19975)

Closes aws#19538, also fixes aws#20146. I combined them because they touch the same surface area and it would be too hairy to separate them out.

See [lambda docs](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html#permissions-resource-xorginvoke) for this feature.

Introduces functionality to grant permissions to an organization in the following ways:

```ts
declare const  fn = new lambda.Function;

// grant to an organization
fn.grantInvoke(iam.OrganizationPrincipal('o-xxxxxxxxxx');

// grant to an account in an organization
fn.grantInvoke(iam.AccountPrincipal('123456789012').inOrganization('o-xxxxxxxxxx'));
```

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @kaizencc @daschaa
    kaizencc authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    133596b View commit details
    Browse the repository at this point in the history

  79. feat(cognito): make grant() available on IUserPool (aws#20799) 

    Added in aws#20285 but missing on `IUserPool`

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @jogold @daschaa
    jogold authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    0b38c4f View commit details
    Browse the repository at this point in the history

  80. chore(docdb): non-TS examples fail to build due to the wrong enum bei… 

    …ng used (aws#20906)

Due to a bug in jsii, only the first instance of enums that have duplicate values appear in non-TS languages. This means that non-TS examples that use the enums that do not appear fail to build. This PR changes the enums used to fix the failing examples.

fixes aws#20747

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @josephedward @daschaa
    josephedward authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    fe0472d View commit details
    Browse the repository at this point in the history

  81. chore(cfnspec): new libraries do not conform to pkglint (aws#20900) 

    When we updated the minimum Node version, we did not update it
in the template that is used to stamp out new construct libraries
when new CFN namespaces are added to the spec.

Meaning every cfnspec update now fails because the new packages
fail `pkglint` validation.

Update the Node version in the template.

Closes aws#20856.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    2901251 View commit details
    Browse the repository at this point in the history

  82. fix(secretsmanager): SecretRotation app does not set DeletionPolicy (a… 

    …ws#20901)

Internal Amazon campaigns are validating that all
`AWS::Serverless::Application` resources have `DeletionPolicy` set.

Since `AWS::Serverless::Application` is not classified as a stateful
resource by our metadata (nor could/should it be, because who knows?)
we don't benefit from the automatic support for these policies from
our model.

Instead, manually add the required `Delete` policies on the
`CfnApplication`.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    2068c9a View commit details
    Browse the repository at this point in the history

  83. feat(iam): PolicyStatements can be frozen (aws#20911) 

    PolicyStatements now have a `freeze()` method, which prevents further
modification. `freeze()` is called just prior to rendering and other
statement manipulation.

This has two benefits:

- Construct authors can `freeze()` statements and be sure that consumer
  code holding a reference to the statement can no longer mutate it
  later.
- Third-party library authors that generate IAM statements lazily
  (specifically, `cdk-iam-floyd`) can hook into the `freeze()` method
  to do their generation.


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    b7fd8b8 View commit details
    Browse the repository at this point in the history

  84. docs(codepeline): ECR cannot trigger on multiple tags (aws#20897) 

    The current ECR source action docs seem to indicate you can make it
trigger on more than one tag at a time (or even all tags). This is
not true, so stop advertising that feature.

Fixes aws#20594.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    6c7e17c View commit details
    Browse the repository at this point in the history

  85. docs(pipelines): describe how to work around policy size errors (aws#… 

    …20569)

Fixes aws#20565.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    1e69401 View commit details
    Browse the repository at this point in the history

  86. chore(cfnspec): Add coverage directory to npmignore (backport aws#20016 

    …) (aws#20931)

This is an automatic backport of pull request aws#20016 done by [Mergify](https://mergify.com).


---


<details>
<summary>Mergify commands and options</summary>

<br />

More conditions and actions can be found in the [documentation](https://docs.mergify.com/).

You can also trigger Mergify actions by commenting on this pull request:

- `@Mergifyio refresh` will re-evaluate the rules
- `@Mergifyio rebase` will rebase this PR on its base branch
- `@Mergifyio update` will merge the base branch into this PR
- `@Mergifyio backport <destination>` will backport this PR on `<destination>` branch

Additionally, on Mergify [dashboard](https://dashboard.mergify.com/) you can:

- look at your merge queues
- generate the Mergify configuration with the config editor.

Finally, you can contact us on https://mergify.com
</details>
    @mergify @daschaa
    mergify[bot] authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    38cd247 View commit details
    Browse the repository at this point in the history

  87. refactor: update enum types to remove duplicate member values (backport 

    aws#19320) (aws#20932)

This is an automatic backport of pull request aws#19320 done by [Mergify](https://mergify.com).
Cherry-pick of b0346a4 has failed:
```
On branch mergify/bp/main/pr-19320
Your branch is up to date with 'origin/main'.

You are currently cherry-picking commit b0346a4.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   packages/@aws-cdk/aws-ec2/lib/instance-types.ts
	modified:   packages/@aws-cdk/aws-ec2/lib/machine-image.ts
	modified:   packages/@aws-cdk/aws-ec2/lib/port.ts
	modified:   packages/@aws-cdk/aws-ec2/lib/util.ts
	modified:   packages/@aws-cdk/aws-ec2/test/instance.test.ts

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   packages/@aws-cdk/aws-ec2/lib/vpc.ts
	both modified:   packages/@aws-cdk/aws-ec2/lib/windows-versions.ts

```


To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

---


<details>
<summary>Mergify commands and options</summary>

<br />

More conditions and actions can be found in the [documentation](https://docs.mergify.com/).

You can also trigger Mergify actions by commenting on this pull request:

- `@Mergifyio refresh` will re-evaluate the rules
- `@Mergifyio rebase` will rebase this PR on its base branch
- `@Mergifyio update` will merge the base branch into this PR
- `@Mergifyio backport <destination>` will backport this PR on `<destination>` branch

Additionally, on Mergify [dashboard](https://dashboard.mergify.com/) you can:

- look at your merge queues
- generate the Mergify configuration with the config editor.

Finally, you can contact us on https://mergify.com
</details>
    @mergify @daschaa
    mergify[bot] authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    5c8dd14 View commit details
    Browse the repository at this point in the history

  88. chore(release): 2.30.0

    @daschaa
    AWS CDK Team authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    036d8cd View commit details
    Browse the repository at this point in the history

  89. Update CHANGELOG.v2.md

    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    4bd5bce View commit details
    Browse the repository at this point in the history

  90. feat(autoscaling): step scaling policy supports estimatedInstanceWarm… 

    …up property (aws#20936)

Fix aws#10514

----

### All Submissions:

* [ x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @BDeus @daschaa
    BDeus authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    eb5fc48 View commit details
    Browse the repository at this point in the history

  91. fix: custom resources log sensitive ResponseURL field (aws#20899) 

    All custom resource implementations start by logging the input `event`, so that issues will be easier to diagnose.

Part of the payload of this event is the `ResponseURL` field, which is a pre-signed S3 URL where CloudFormation expects the success/failure result of the Custom Resource. By logging the `ResponseURL` to CloudWatch, we open an attack vector where an attacker who has access to read CloudWatch URLs can race the Custom Resource implementation to write a fake response to the presigned S3 URL, thereby faking the result of the CR (making the deployment fail when it should have succeeded, or make it succeed when it should have failed).

Remove the `ResponseURL` from all logging output, and have the Custom Resource Provider remove it from the Payload that gets sent to the user function as well. 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    42198c7 View commit details
    Browse the repository at this point in the history

  92. feat(s3): Event Bridge notification can be enabled after the bucket i… 

    …s created (aws#20913)

Make `enableEventBridgeNotification()` public and available in `IBucket`.

Unmanaged buckets can also have the notification enabled.

Fixes aws#20824.


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @otaviomacedo @daschaa
    otaviomacedo authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    41df699 View commit details
    Browse the repository at this point in the history

  93. fix(cloudfront): fromOriginAccessIdentityName is a misnomer (aws#20772) 

    fixes aws#20141

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @dbartholomae @daschaa
    dbartholomae authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    0294ef9 View commit details
    Browse the repository at this point in the history

  94. Remove redundancy to improve clarity (aws#20963) 

    CFN Resources was mentioned twice in a way that was redundant and reduced clarity.


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @GuyDev1 @daschaa
    GuyDev1 authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    3a99d20 View commit details
    Browse the repository at this point in the history

  95. chore(deps): Bump awscli from 1.25.17 to 1.25.22 in /packages/@aws-cd… 

    …k/lambda-layer-awscli (aws#20978)

Bumps [awscli](https://github.com/aws/aws-cli) from 1.25.17 to 1.25.22.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/aws/aws-cli/blob/develop/CHANGELOG.rst">awscli's changelog</a>.</em></p>
<blockquote>
<h1>1.25.22</h1>
<ul>
<li>api-change:<code>dms</code>: Added new features for AWS DMS version 3.4.7 that includes new endpoint settings for S3, OpenSearch, Postgres, SQLServer and Oracle.</li>
<li>api-change:<code>rds</code>: Adds support for additional retention periods to Performance Insights.</li>
</ul>
<h1>1.25.21</h1>
<ul>
<li>api-change:<code>athena</code>: This feature introduces the API support for Athena's parameterized query and BatchGetPreparedStatement API.</li>
<li>api-change:<code>customer-profiles</code>: This release adds the optional MinAllowedConfidenceScoreForMerging parameter to the CreateDomain, UpdateDomain, and GetAutoMergingPreview APIs in Customer Profiles. This parameter is used as a threshold to influence the profile auto-merging step of the Identity Resolution process.</li>
<li>api-change:<code>emr</code>: Update emr command to latest version</li>
<li>api-change:<code>glue</code>: This release adds tag as an input of CreateDatabase</li>
<li>api-change:<code>kendra</code>: Amazon Kendra now provides a data source connector for alfresco</li>
<li>api-change:<code>mwaa</code>: Documentation updates for Amazon Managed Workflows for Apache Airflow.</li>
<li>api-change:<code>pricing</code>: Documentation update for GetProducts Response.</li>
<li>api-change:<code>wellarchitected</code>: Added support for UpdateGlobalSettings API. Added status filter to ListWorkloadShares and ListLensShares.</li>
<li>api-change:<code>workmail</code>: This release adds support for managing user availability configurations in Amazon WorkMail.</li>
</ul>
<h1>1.25.20</h1>
<ul>
<li>api-change:<code>appstream</code>: Includes support for StreamingExperienceSettings in CreateStack and UpdateStack APIs</li>
<li>api-change:<code>elbv2</code>: Update elbv2 command to latest version</li>
<li>api-change:<code>emr</code>: Update emr command to latest version</li>
<li>api-change:<code>medialive</code>: This release adds support for automatic renewal of MediaLive reservations at the end of each reservation term. Automatic renewal is optional. This release also adds support for labelling accessibility-focused audio and caption tracks in HLS outputs.</li>
<li>api-change:<code>redshift-serverless</code>: Add new API operations for Amazon Redshift Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned clusters. The new operations let you interact with Redshift Serverless resources, such as create snapshots, list VPC endpoints, delete resource policies, and more.</li>
<li>api-change:<code>sagemaker</code>: This release adds: UpdateFeatureGroup, UpdateFeatureMetadata, DescribeFeatureMetadata APIs; FeatureMetadata type in Search API; LastModifiedTime, LastUpdateStatus, OnlineStoreTotalSizeBytes in DescribeFeatureGroup API.</li>
<li>api-change:<code>translate</code>: Added ListLanguages API which can be used to list the languages supported by Translate.</li>
</ul>
<h1>1.25.19</h1>
<ul>
<li>api-change:<code>datasync</code>: AWS DataSync now supports Amazon FSx for NetApp ONTAP locations.</li>
<li>api-change:<code>ec2</code>: This release adds a new spread placement group to EC2 Placement Groups: host level spread, which spread instances between physical hosts, available to Outpost customers only. CreatePlacementGroup and DescribePlacementGroups APIs were updated with a new parameter: SpreadLevel to support this feature.</li>
<li>api-change:<code>finspace-data</code>: Release new API GetExternalDataViewAccessDetails</li>
<li>api-change:<code>polly</code>: Add 4 new neural voices - Pedro (es-US), Liam (fr-CA), Daniel (de-DE) and Arthur (en-GB).</li>
</ul>
<h1>1.25.18</h1>
<ul>
<li>api-change:<code>iot</code>: This release ease the restriction for the input of tag value to align with AWS standard, now instead of min length 1, we change it to min length 0.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/aws/aws-cli/commit/c9909c41bb4362b4373f120e832900f5cdba57cc"><code>c9909c4</code></a> Merge branch 'release-1.25.22'</li>
<li><a href="https://github.com/aws/aws-cli/commit/e66532a1044cf26db892e686fedf60d8dbedbd94"><code>e66532a</code></a> Bumping version to 1.25.22</li>
<li><a href="https://github.com/aws/aws-cli/commit/8d6737340beb5f24c6fde5146ccfda7bc08700f3"><code>8d67373</code></a> Update changelog based on model updates</li>
<li><a href="https://github.com/aws/aws-cli/commit/bd2e04cb1c837c051e4d45a2210c0f4fab5e8dad"><code>bd2e04c</code></a> Merge branch 'release-1.25.21'</li>
<li><a href="https://github.com/aws/aws-cli/commit/c3eec161713ffd7e01c239bd0761fcf02db183aa"><code>c3eec16</code></a> Merge branch 'release-1.25.21' into develop</li>
<li><a href="https://github.com/aws/aws-cli/commit/fd47b901d2fac4330d447c57f9bf2fcded9ec140"><code>fd47b90</code></a> Bumping version to 1.25.21</li>
<li><a href="https://github.com/aws/aws-cli/commit/ce14b7b541ccc398c92de7cef87a98be4cebebcf"><code>ce14b7b</code></a> Merge commit '43c7def09a6ce05753a4fd8a54da7ee98128554b' into stage-release-de...</li>
<li><a href="https://github.com/aws/aws-cli/commit/9d4cc92174ee1b4d258ea188e70941cdb8a01d86"><code>9d4cc92</code></a> Update changelog based on model updates</li>
<li><a href="https://github.com/aws/aws-cli/commit/ef7b4d565370a3eb0a81fac2f520c8baa4e9284c"><code>ef7b4d5</code></a> Merge branch 'release-1.25.20' into develop</li>
<li><a href="https://github.com/aws/aws-cli/commit/7f44303eabfc9061f86dc2a2a8d4db9da0bff9ea"><code>7f44303</code></a> Merge branch 'release-1.25.20'</li>
<li>Additional commits viewable in <a href="https://github.com/aws/aws-cli/compare/1.25.17...1.25.22">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=awscli&package-manager=pip&previous-version=1.25.17&new-version=1.25.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
    @dependabot @daschaa
    dependabot[bot] authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    46013cb View commit details
    Browse the repository at this point in the history

  96. fix(cli): standard log messages are sent to stderr when CI=true (aws#… 

    …20957)

The CLI currently sends almost all logs to `stderr`, even success
messages. Based on the linked issue, this was done to make terminal
colors easier to see. While this might make it easier for users that are
running the CLI from their local machine, it causes issues on some CI
systems that will exit if anything is written to `stderr` (even when the
exit code is 0).

This PR updates all of the logging mechanisms to recognize the `ci`
argument. If `--ci` is passed, or the environment variable `CI=true`
then all logs (except for error logs) will be sent to `stdout`.
Currently the `ci` argument was only available on the `deploy` command,
but this PR moves that to the global arguments list so that it will
apply to all commands.

I tested this manually on a CDK app by using a script to capture
`stderr` and `stdout`.

```bash

export CI=true
key="$1"

cmd="npx cdk deploy"

errlog=$(mktemp)
stdlog=$(mktemp)
$cmd 1>> "$stdlog" 2> "$errlog"

echo "-------------------errlog---------------------"
cat "$errlog"
echo "-------------------stdlog---------------------"
cat "$stdlog"
rm -f "$errlog"
rm -f "$stdlog"
```

I also added new unit and integration tests that validate the change.

fixes aws#7717


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @corymhall @daschaa
    corymhall authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    e69e14e View commit details
    Browse the repository at this point in the history

  97. chore: a couple more places where ResponseURL is logged (aws#20977) 

    Follow-up to aws#20899, missed a couple of spots.

Marking this a `chore` instead of a `fix` since the previous commit will
already show up in the CHANGELOG and both this and aws#20899 will go into
the same release.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    fe1701a View commit details
    Browse the repository at this point in the history

  98. feat(cfnspec): cloudformation spec v78.1.0 (aws#20952)

    @aws-cdk-automation @daschaa
    aws-cdk-automation authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    44ff695 View commit details
    Browse the repository at this point in the history

  99. docs: clarify commit prefixes (aws#20910) 

    ----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    50f012a View commit details
    Browse the repository at this point in the history

  100. chore: make does-not-exist.json actually not exist (aws#20986) 

    Somehow this file got checked in. Remove it.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    f5c72e4 View commit details
    Browse the repository at this point in the history

  101. refactor: remove more duplicate enum values (aws#20982) 

    This is a follow-up to aws#19320: there are more duplicate enum values that
need to be removed, in anticipation of a jsii release that will make
these duplicate values illegal.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    47bfc7e View commit details
    Browse the repository at this point in the history

  102. fix(stepfunctions-tasks): SqsSendMessage is missing KMS permissions (a… 

    …ws#20990)

The SqsSendMessage task does not add the required KMS permissions when
the destination queue uses a custom encryption key.

This changes adds the `kms:Decrypt` and `kms:GenerateDataKey*` actions.


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @jesterhazy @daschaa
    jesterhazy authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    1568aae View commit details
    Browse the repository at this point in the history

  103. docs: explain procedure for rotating a SecretsManager Secret (aws#20989) 

    CloudFormation will not automatically check all Secrets for their
values, so it is up to the user to incude a change in the resource
that uses a Secret, so that CloudFormation will re-read the value.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    7bb58af View commit details
    Browse the repository at this point in the history

  104. docs(pipelines): explain lookup-role assumption error (aws#20999) 

    ----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    9f37a5a View commit details
    Browse the repository at this point in the history

  105. docs: fix wrong annotation used in example (aws#20964) 

    Used a misleading `@mutating` annotation instead of a `@config` annotation.


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @GuyDev1 @daschaa
    GuyDev1 authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    015429d View commit details
    Browse the repository at this point in the history

  106. feat(batch): add secrets props to job definition (aws#20871) 

    Add a secrets property to batch.JobDefinitionContainer. This interface is almost the same as ecs.ContainerDefinitionOptions.

This is reopen PR of aws#19506

closes aws#10976

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @yoshizawa56 @daschaa
    yoshizawa56 authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    3c26443 View commit details
    Browse the repository at this point in the history

  107. docs(opensearch): add example for token based import (aws#20915) 

    Documentation for changes made in PR aws#15219 - issue aws#15188

Normally one would not put the domain endpoint as a static value in a CF stack.
A more realistic use case is to manage an opensearch domain from CF stack A and use it via CF stack B, C, D ...
Stack A would export the domainEndpoint and also domainArn - the other stacks can then import those values and import the domain.

This PR will add an example for the realistic scenario so people do not end up with errors like "Invalid URL" when a token endpoint is provided.



----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @akleiber @daschaa
    akleiber authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    2419a28 View commit details
    Browse the repository at this point in the history

  108. chore: fix ci=true integ tests (aws#21000) 

    `beforeEach()`/`afterEach()` do not work because of the crazy way we're doing parallelism in the CLI integ tests.

Remove the mechanism, explain that it does not work.

Also turn `warning()` logging into `stdout` so it doesn't fail builds on Azure.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    ee52967 View commit details
    Browse the repository at this point in the history

  109. feat(dynamodb): imported tables always grant permissions for indexes (a… 

    …ws#20682)

When we use imported tables, grant methods don't grant permissions for indexes unless local indexes or global secondary indexes are specified. The information for indexes is used only for grant permissions now. Users either keep track of index information of the imported tables or specify random index (e.g. `*`) as a workaround to obtain the permissions. This PR let imported tables grant permissions for indexes without providing indexes.

close aws#13703 

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @i05nagai @daschaa
    i05nagai authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    266f843 View commit details
    Browse the repository at this point in the history

  110. fix(route53): cannot delete existing alias record (aws#20858) 

    For an alias record, the `ListResourceRecordSets` call returns an empty array
that the `ChangeResourceRecordSets` call doesn't accept.

Remove undefined and empty arrays when calling `ChangeResourceRecordSets`.

See aws/aws-sdk-js#3411

Closes aws#20847


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @jogold @daschaa
    jogold authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    13c1e6f View commit details
    Browse the repository at this point in the history

  111. chore(deps): Bump parse-url from 6.0.0 to 6.0.2 (aws#21005) 

    Bumps [parse-url](https://github.com/IonicaBizau/parse-url) from 6.0.0 to 6.0.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/IonicaBizau/parse-url/commits">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=parse-url&package-manager=npm_and_yarn&previous-version=6.0.0&new-version=6.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).

</details>
    @dependabot @daschaa
    dependabot[bot] authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    25e2f9e View commit details
    Browse the repository at this point in the history

  112. chore: add cdklabs scope to our analytics (aws#20981) 

    So we have tracking on our `cdklabs` projects. 

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @iliapolo @daschaa
    iliapolo authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    ed621df View commit details
    Browse the repository at this point in the history

  113. feat(aws-s3): create default bucket policy when required (under featu… 

    …re flag) (aws#20765)

Created a new feature flag `@aws-cdk/aws-s3:createDefaultLoggingPolicy`

There are certain types of S3 Buckets that AWS will automatically create a bucket policy for you if you do not create one. For example, if you create an S3 Bucket to be used as the destination for VPC Flow Logs and you  do not create a Bucket Policy, AWS will automatically create a bucket policy for you. The full list of resources can be found [here](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3)

- [X] Vpc Flow Logs
~- [ ] AWS Network Firewall logs~ (No L2 support yet)
~- [ ] AWS Global Accelerator flow logs~ ([not currently possible](aws-cloudformation/cloudformation-coverage-roadmap#922)]
~- [ ] EC2 Spot Instance data feed~(no cloudformation support yet)
~- [ ] CloudFront access logs & streaming access logs~ (CloudFront uses bucket ACL _not_ bucket policy)
- [X] Network Load Balancer access logs (already done)
- [x] Amazon Managed Streaming for Apache Kafka broker logs

If we allow AWS to create these policies automatically, it prevents CDK from every managing that policy in the future. Since we know what the policy should be we should instead create the logging bucket with the required policy.

fixes aws#18816


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @corymhall @daschaa
    corymhall authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    f296b8c View commit details
    Browse the repository at this point in the history

  114. fix(eks): latest AlbController version isn't compatible with the ch… 

    …art version (aws#20826)

Bump the chart version.

Fixes aws#20764

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @adriantaut @daschaa
    adriantaut authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    46f7c27 View commit details
    Browse the repository at this point in the history

  115. feat(ec2): add additional instance type classes (aws#20972) 

    This PR adds the following EC2 instance type classes:
- u-3tb1
- m6id
- c6id
- r6id
- p3dn
- dl1
- g3s

Requested in issue aws#20924.

Please add tags `pr-linter/exempt-readme` and `pr-linter/exempt-test`. I only added new enum values, therefore no readme changes and test cases should be required.

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @jumic @daschaa
    jumic authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    5cf21d5 View commit details
    Browse the repository at this point in the history

  116. feat(elbv2) expose connection_termination attribute on network target… 

    … group (aws#20821)

This adds `deregistration_delay.connection_termination.enabled` attribute to the `NetworkTargetGroupProps` as `connectionTermination`. This is [specific to Network Load balancers](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-targetgroupattribute.html).

I have added integration tests and unit tests.

closes aws#17010
----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @michaeldrey @daschaa
    michaeldrey authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    4f44a4b View commit details
    Browse the repository at this point in the history

  117. docs: clarify cfnInclude parameters (aws#21001) 

    fixes aws#20905

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @peterwoodworth @daschaa
    peterwoodworth authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    8a9eac5 View commit details
    Browse the repository at this point in the history

  118. chore(release): 2.31.0

    @daschaa
    AWS CDK Team authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    979c080 View commit details
    Browse the repository at this point in the history

  119. fix(custom-resources): Custom resource provider framework not passing… 

    … `ResponseURL` to user function (aws#21065)

aws#20889 included a change that broke the custom resource framework by not including the necessary presigned URL. This includes the presigned URL, and fixes the issue. This PR does not include test changes because this is the runtime code.

Closes aws#21058

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @comcalvi @daschaa
    comcalvi authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    ec54a90 View commit details
    Browse the repository at this point in the history

  120. chore(release): 2.31.1

    @comcalvi @daschaa
    comcalvi authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    d8c3133 View commit details
    Browse the repository at this point in the history

  121. changelog format

    @comcalvi @daschaa
    comcalvi authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    4ec4087 View commit details
    Browse the repository at this point in the history

  122. feat(ec2): expose interface endpoint service shortname (aws#20965) 

    This PR exposes the short name of the InterfaceVpcEndpointService as an additional property. This helps constructs getting it as a param to derive the service name without parsing regional reverse-FQDNs.

As it only adds a property, I think no readme change is needed here.

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)


*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @hoegertn @daschaa
    hoegertn authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    004725b View commit details
    Browse the repository at this point in the history

  123. feat(codebuild): add support for new codebuild images (aws#20992) 

    Fixes aws#20960.

Adds support for the new CodeBuild images `Linux Standard 6.0` and `Amazon Linux 4.0`.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @daschaa
    daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    faa45da View commit details
    Browse the repository at this point in the history

  124. chore(eks): update cdk8s integration docs to use cdk8s v2 (aws#20919) 

    The docs were still referencing cdk8s v1 - which doesn't work with `aws-cdk-lib`.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @iliapolo @daschaa
    iliapolo authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    ad3ffa2 View commit details
    Browse the repository at this point in the history

  125. chore(sns): addSubscription does not return the subscription (aws#20819) 

    ----





### Description
Related to the following issue: aws#20657. Added a return statement to addSubscription to return the Subscription

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @jonnekaunisto @daschaa
    jonnekaunisto authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    cc18b71 View commit details
    Browse the repository at this point in the history

  126. chore: remove cfnspec patch for Cognito::UserPool.UsernameConfigurati… 

    …on (aws#21029)

This patch is no longer necessary now that the breaking change changing `UsernameConfiguration.CaseSensitive` from optional to required has been reverted. 

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @madeline-k @daschaa
    madeline-k authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    f9de2ce View commit details
    Browse the repository at this point in the history

  127. fix(triggers): permissions race condition (aws#19455) 

    fixes aws#19272

> Adding a dependency on the permissions should be good enough

We are planning to use triggers as an e2e test which would run on every deployment.
I wanted to reduce the moving parts and avoid an IAM change each time. Therefore I opted for widening the permission to all versions. 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @tenjaa @daschaa
    tenjaa authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    99d4d52 View commit details
    Browse the repository at this point in the history

  128. doc(cli): point out cdk watch limitations (aws#21033) 

    ----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    45313d3 View commit details
    Browse the repository at this point in the history

  129. feat(integ-tests): expose adding IAM policies to the assertion provid… 

    …er (aws#20769)

Currently the `AwsApiCall` construct will try and automatically create
the correct IAM policy based on the service and api call being used. The
assumption was that in most cases this would work, but it turns out that
in the first couple use cases we've seen this is not the case.

This PR adds another method `addToRolePolicy` on the
`AssertionsProvider` construct and then makes the provider a `public`
attribute on `AwsApICall`. This allows you to add additional policies.


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @corymhall @daschaa
    corymhall authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    f304781 View commit details
    Browse the repository at this point in the history

  130. fix(cli): CLI errors when run as a non-existent user (aws#21018) 

    The CDK home directory was being created in the users home directory,
but this causes an error if for some reason the user does not have a
home directory.

This PR adds some fallback logic so that if the users home directory does not exist it will fall back to
creating a tmp directory.

fix aws#7937


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @corymhall @daschaa
    corymhall authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    9f69d99 View commit details
    Browse the repository at this point in the history

  131. feat(batch): add launchTemplateId in LaunchTemplateSpecification (aws… 

    …#20184)

Closes aws#20163

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @robertd @daschaa
    robertd authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    d915732 View commit details
    Browse the repository at this point in the history

  132. chore: update F# template for new addSubscription signature (aws#21038 

    )

Our build currently breaks because the F# template assumes that `addSubscription` returns `void`, which we recently changed.

Ignore the return value of the function instead.

Given the choice between:

```
topic.AddSubscription(SqsSubscription(queue)) |> ignore
ignore topic.AddSubscription(SqsSubscription(queue))
```

Went with the first, the second reads a little dismissive :)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    62d80e7 View commit details
    Browse the repository at this point in the history

  133. fix(logs): ResourcePolicy does not have a defaultChild (aws#21039) 

    The L1 construct has the wrong name (should have been `Resource`
but was made to be `ResourcePolicy`).

Explicitly assign the default child.


----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    d8bd45c View commit details
    Browse the repository at this point in the history

  134. fix(pipelines): cannot publish assets to more than 35 environments (a… 

    …ws#21010)

We used to use `Lazy.list()` to render the list of Role ARNs that the
Asset Publishing Role needs to assume.

The Lazy list cannot be split up, meaning the overflow rendering logic
we recently added cannot apply to this policy. Turn the lazy list into
mutating a policy statement in-place, so the policy overflow logic can
split the policy statement into multiple managed policies.

Also in this PR:

- To keep the tests behavior consistent (on whether arrays get rendered to the `Resource` field in statements or not, regardless of exactly which code path is taken), change the behavior of `PolicyStatement`, have it eagerly dedupe in memory.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    c3b9091 View commit details
    Browse the repository at this point in the history

  135. fix(aws-ec2): flow log destinationOptions requires all properties (aw… 

    …s#21042)

PR aws#20765 introduced destinationOptions, but only introduced one of the
optional properties ('hiveCompatiblePartitions') since that is the only
property that was relevant for the PR. The [docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-destinationoptions)
don't specify this, but if you provide `destinationOptions` you must
specify a value for each prop, otherwise you will receive an error
message on deploy.

This PR adds the two additional properties.

re aws#21037


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @corymhall @daschaa
    corymhall authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    2e9551b View commit details
    Browse the repository at this point in the history

  136. chore: add manual dispatch option to issue reprioritization manager (a… 

    …ws#21044)

This allows us to manually run the action when we want, especially in situations where the weekly run failed.

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @kaizencc @daschaa
    kaizencc authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    cda6f10 View commit details
    Browse the repository at this point in the history

  137. fix: flowlog has no default child (aws#21045) 

    Calling defaultChild on `FlowLog` results in undefined. Explicitly set CfnResource as default child

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @peterwoodworth @daschaa
    peterwoodworth authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    174b77b View commit details
    Browse the repository at this point in the history

  138. chore(init-templates): remove v1 init templates (aws#21019) 

    A v1 app or library cannot be created from the v2 cli. This cleans up the v1 init template code.

This is stupidly long because of the amount of files deleted and moved so here's a rundown of the changes:
- v1 templates deleted (github is showing some of these as renamed because they were duplicates of the v2 files that did get moved)
- v2 templates removed from `v2` folder and moved directly under `init-templates`
- hook files imports updated (another place where it shows the change to v1 instead of v2 because the contents were the same) for templates and sample apps
- `init.ts`: updated file paths to flattened directory
- `init.test.ts`: 
    - updated tests to only run for v2 templates
    - added test for `fsharp` since it was missing
    - updated .NET tests to look in the contents of the `.sln` file for the project information. I noticed that this test sometimes still passed when the `init` actually failed.


Note: This is the first of two PRs to fix the bug for creating .NET projects with spaces in the file path (issue aws#18803). This PR was done separately so the bug fix didn't get lost in the 300 file changes due to the cleanup.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @TheRealAmazonKendra @daschaa
    TheRealAmazonKendra authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    2b4d28e View commit details
    Browse the repository at this point in the history

  139. feat(core): add a description parameter for the NestedStackProps (aws… 

    …#20930)

This PR adds a description parameter for the NestedStackProps.

Fixes aws#16337

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @joe-king-sh @daschaa
    joe-king-sh authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    e7f4602 View commit details
    Browse the repository at this point in the history

  140. docs(ecs-patterns): make property descriptions more clear (aws#19404) 

    ----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @mkrauklis @daschaa
    mkrauklis authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    46c05ae View commit details
    Browse the repository at this point in the history

  141. docs(ecs): add an example for AsgCapacityProvider with EC2 LaunchTemp… 

    …late (aws#21047)

This pull request offer an example to resolve aws#20870 for AutoScalingGroup uses EC2 LaunchTemplate within ecs cluster. 

Closes aws#20870
    @kimisme9386 @daschaa
    kimisme9386 authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    01b5869 View commit details
    Browse the repository at this point in the history

  142. fix(route53): publichostedzone import returns IHostedZone instead of … 

    …IPublicHostedZone (aws#21007)

fixes aws#21004 


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @peterwoodworth @daschaa
    peterwoodworth authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    d804573 View commit details
    Browse the repository at this point in the history

  143. fix(cli): format of tags in cdk.json is not validated (aws#21050) 

    If tags is present in cdk.json, validate that it is an array of objects, and each object has a Tag string and a Value string. If tags is not structurally valid `cdk bootstrap` and `cdk deploy` fail with an error.

`tags must be an array of { Tag: string, Value: string } objects`

There is no attempt to validate the strings of each Tag and Value beyond that they are strings.

closes aws#20854 

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @SydneyUni-Jim @daschaa
    SydneyUni-Jim authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    5a74a84 View commit details
    Browse the repository at this point in the history

  144. feat(cfnspec): cloudformation spec v79.0.0 (aws#21053)

    @aws-cdk-automation @daschaa
    aws-cdk-automation authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    7dab761 View commit details
    Browse the repository at this point in the history

  145. fix(iam): conditions parameters accept array values (aws#21009) 

    Because of the type declaration of `Conditions`, which was `{ [key: string]: any }`, and the way TypeScript interprets `any`, it was possible to pass arrays in where maps/objects were expected.

Change the type of `Condition` to `unknown`, which makes the type of `Conditions == { [key: string]: unknown }`. This makes TypeScript no longer accept arrays where objects were expected.

Would love loved to make the type of `Condition == { [key: string]: unknown }` as well to be even tighter, but apparently we rely on being able to pass `CfnJson` in where a condition goes, which is an object.

Closes aws#20974.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @rix0rrr @daschaa
    rix0rrr authored and daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    99b5bbb View commit details
    Browse the repository at this point in the history

  146. fix(sns-subscriptions): restrict encryption of queue to only the resp… 

    …ective sns topic (under feature flag) (aws#20521)

Implements aws#20339 

The change adds a conditional that only the corresponding SNS Topic can decrypt the SQS queue with the KMS-Key if one was given.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
    @daschaa
    daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    f7f9ff2 View commit details
    Browse the repository at this point in the history

  147. ✨ Adds region to fromLookup and to fromVpcAttributes

    @daschaa
    daschaa committed Jul 9, 2022
    Configuration menu
    Copy the full SHA
    e8a1011 View commit details
    Browse the repository at this point in the history

  148. Merge branch 'main' into hostedzone-vpc-region

    @daschaa
    daschaa authored Jul 9, 2022
    Configuration menu
    Copy the full SHA
    fcc388d View commit details
    Browse the repository at this point in the history

Commits on Jul 15, 2022

  1. Merge branch 'main' into hostedzone-vpc-region

    @daschaa
    daschaa authored Jul 15, 2022
    Configuration menu
    Copy the full SHA
    66a3c4f View commit details
    Browse the repository at this point in the history

Commits on Jul 18, 2022

  1. Merge branch 'main' into hostedzone-vpc-region

    @mergify
    mergify[bot] authored Jul 18, 2022
    Configuration menu
    Copy the full SHA
    1a96ebc View commit details
    Browse the repository at this point in the history

Commits on Aug 1, 2022

  1. Merge branch 'aws:main' into hostedzone-vpc-region

    @daschaa
    daschaa authored Aug 1, 2022
    Configuration menu
    Copy the full SHA
    3630c38 View commit details
    Browse the repository at this point in the history

  2. ♻️ Changes due to review

    @daschaa
    daschaa committed Aug 1, 2022
    Configuration menu
    Copy the full SHA
    8dfd079 View commit details
    Browse the repository at this point in the history

Commits on Aug 8, 2022

  1. ✅ Adds integration tests for lookup

    @daschaa
    daschaa committed Aug 8, 2022
    Configuration menu
    Copy the full SHA
    49b23d7 View commit details
    Browse the repository at this point in the history

  2. Merge branch 'main' into hostedzone-vpc-region

    @daschaa
    daschaa authored Aug 8, 2022
    Configuration menu
    Copy the full SHA
    9e0c533 View commit details
    Browse the repository at this point in the history

Commits on Sep 7, 2022

  1. Merge branch 'main' into hostedzone-vpc-region

    @mergify
    mergify[bot] authored Sep 7, 2022
    Configuration menu
    Copy the full SHA
    b515e6a View commit details
    Browse the repository at this point in the history

  2. ♻️ Changes due to review

    @daschaa
    daschaa committed Sep 7, 2022
    Configuration menu
    Copy the full SHA
    9063de0 View commit details
    Browse the repository at this point in the history

  3. Merge branch 'main' into hostedzone-vpc-region

    @mergify
    mergify[bot] authored Sep 7, 2022
    Configuration menu
    Copy the full SHA
    9d0ed5b View commit details
    Browse the repository at this point in the history

  4. Merge branch 'main' into hostedzone-vpc-region

    @mergify
    mergify[bot] authored Sep 7, 2022
    Configuration menu
    Copy the full SHA
    84aca59 View commit details
    Browse the repository at this point in the history