aws
diff --git a/‎.gitattributes‎
Lines changed: 3 additions & 0 deletions b/‎.gitattributes‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/region.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/ISSUE_TEMPLATE/region.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/codecov.yml‎
Lines changed: 7 additions & 0 deletions b/‎.github/workflows/codecov.yml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎.github/workflows/enum-auto-updater.yml‎
Lines changed: 42 additions & 3 deletions b/‎.github/workflows/enum-auto-updater.yml‎
Lines changed: 42 additions & 3 deletions
diff --git a/‎.github/workflows/github-merit-badger.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/github-merit-badger.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/security-guardian.yml‎
Lines changed: 67 additions & 0 deletions b/‎.github/workflows/security-guardian.yml‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎.mergify.yml‎
Lines changed: 13 additions & 2 deletions b/‎.mergify.yml‎
Lines changed: 13 additions & 2 deletions
diff --git a/‎CHANGELOG.v2.alpha.md‎
Lines changed: 64 additions & 0 deletions b/‎CHANGELOG.v2.alpha.md‎
Lines changed: 64 additions & 0 deletions
@@ -17,3 +17,6 @@ packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.buck
 packages/@aws-cdk-testing/framework-integ/test/**/*.snapshot/**/asset*.zip filter=lfs diff=lfs merge=lfs -text
 packages/@aws-cdk/*-alpha/test/**/*.snapshot/**/asset*.zip filter=lfs diff=lfs merge=lfs -text
 packages/@aws-cdk/*-alpha/test/*.snapshot/asset.*/bootstrap filter=lfs diff=lfs merge=lfs -text
+packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-large-file/asset*/large*  filter=lfs diff=lfs merge=lfs -text
+packages/@aws-cdk/*-alpha/test/*.snapshot/asset*.zip filter=lfs diff=lfs merge=lfs -text
+packages/@aws-cdk-testing/framework-integ/test/**/*.snapshot/asset*.zip filter=lfs diff=lfs merge=lfs -text
@@ -83,4 +83,5 @@ body:
         * [ ] Add region and ARN in [ADOT_LAMBDA_LAYER_PYTHON_SDK_ARNS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L768) for most recent version in `x86_64` and `arm64`.
         * [ ] Add region and ARN in [ADOT_LAMBDA_LAYER_GENERIC_ARNS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L847) for most recent version in `x86_64` and `arm64`.
         * [ ] Add region in [AWS_REGIONS_AND_RULES](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/lib/aws-entities.ts).
+        * [ ] Add partition info if the region is also a new partition in [PARTITION_MAP](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts#L88)
         * [ ] Run integ tests and update snapshots
@@ -6,13 +6,20 @@ on:
   pull_request:
     branches: [ "main" ]
 
+permissions:
+  contents: write  # Required for actions/upload-pages-artifact
+  pages: write     # Required for actions/deploy-pages
+  id-token: write  # Required for actions/deploy-pages
+
 jobs:
   collect:
     name: collect
     if: github.repository == 'aws/aws-cdk'
     runs-on: ubuntu-latest
     permissions:
       id-token: write
+      contents: read
+      pages: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
@@ -1,6 +1,8 @@
 name: CDK Enums Auto Updater
 on:
   workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 1'
 
 jobs:
   update-l2-enums:
@@ -23,6 +25,44 @@ jobs:
       - name: Install dependencies
         run: cd tools/@aws-cdk/enum-updater && yarn install --frozen-lockfile && yarn build
 
+      - name: Update enum static mapping
+        run: |
+          cd tools/@aws-cdk/enum-updater
+          ./bin/update-static-enum-mapping
+
+      - name: Check for changes
+        id: static-mapping-check
+        run: |
+          cd tools/@aws-cdk/enum-updater
+          if [[ -n "$(git status --porcelain ./lib/static-enum-mapping.json)" ]]; then
+            echo "changes=true" >> $GITHUB_OUTPUT
+          else
+            echo "changes=false" >> $GITHUB_OUTPUT
+          fi
+      
+      - name: Create PR for static mapping changes
+        if: steps.static-mapping-check.outputs.changes == 'true'
+        run: |
+          cd tools/@aws-cdk/enum-updater
+          git config --global user.name 'aws-cdk-automation'
+          git config --global user.email '[email protected]'
+
+          # Create a new branch for the module
+          branchName="enum-update/static-mapping-update"
+          git checkout -b "$branchName"
+
+          git add .  # Add all files changed
+          git commit -m "chore: update enum static mapping"
+          git push origin "$branchName"
+
+          gh pr create --title "chore: update enum static mapping" \
+           --body "This PR updates the CDK enum mapping file." \
+           --base main \
+           --head "$branchName" \
+           --label "contribution/core,pr-linter/exempt-integ-test,pr-linter/exempt-readme,pr-linter/exempt-test"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Identify Missing Values and Apply Code Changes
         run: |
           cd tools/@aws-cdk/enum-updater
@@ -40,10 +80,9 @@ jobs:
       - name: Commit & Push changes
         if: steps.git-check.outputs.changes == 'true'
         run: |
+          # Iterate through each module directory that has changes
           git config --global user.name 'aws-cdk-automation'
           git config --global user.email '[email protected]'
-          
-          # Iterate through each module directory that has changes
           for module in $(git diff --name-only | grep -E '^packages/(@aws-cdk|aws-cdk-lib)/.*' | sed -E 's|^packages/(@aws-cdk\|aws-cdk-lib)/([^/]+).*|\2|' | sort -u); do
             moduleName=$(basename $module)
                         
@@ -79,7 +118,7 @@ jobs:
           gh pr create --title "chore(${moduleName#aws-}): add new enum values for ${moduleName#aws-}" \
            --body "This PR updates the enum values for ${moduleName#aws-}." \
            --base main \
-           --head "$branchName"
+           --head "$branchName" \
            --label "contribution/core,pr-linter/exempt-integ-test,pr-linter/exempt-readme,pr-linter/exempt-test"
           done
         env:
 
@@ -17,4 +17,4 @@ jobs:
           badges: '[beginning-contributor,repeat-contributor,valued-contributor,admired-contributor,star-contributor,distinguished-contributor]'
           thresholds: '[0,3,6,13,25,50]'
           badge-type: 'achievement'
-          ignore-usernames: '[rix0rrr,iliapolo,otaviomacedo,kaizencc,TheRealAmazonKendra,mrgrain,pahud,kellertk,ashishdhingra,khushail,moelasmar,paulhcsun,GavinZZ,xazhao,gracelu0,shikha372,godwingrs22,bergjaak,IanKonlog,Leo10Gama,samson-keung,scorbiere,jiayiwang7,saiyush,5d,iankhou,QuantumNeuralCoder,SimonCMoore,aws-cdk-automation,dependabot[bot],mergify[bot]]'
+          ignore-usernames: '[rix0rrr,iliapolo,otaviomacedo,kaizencc,TheRealAmazonKendra,mrgrain,pahud,kellertk,ashishdhingra,khushail,moelasmar,paulhcsun,GavinZZ,xazhao,gracelu0,shikha372,godwingrs22,bergjaak,IanKonlog,Leo10Gama,samson-keung,scorbiere,jiayiwang7,saiyush,5d,iankhou,QuantumNeuralCoder,SimonCMoore,Y-JayKim,aws-cdk-automation,dependabot[bot],mergify[bot]]'
@@ -0,0 +1,67 @@
+name: Security Guardian
+on:
+  pull_request: {}
+
+jobs:
+  run-security-guardian:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Fetches full history
+
+      - name: Get list of changed .template.json files
+        id: filter_files
+        run: |
+          echo "Getting changed CloudFormation templates..."
+          mkdir -p changed_templates
+
+          git fetch origin main --depth=1
+
+          base_sha="${{ github.event.pull_request.base.sha }}"
+          head_sha="${{ github.event.pull_request.head.sha }}"
+          if [[ -z "$base_sha" ]]; then base_sha=$(git merge-base origin/main HEAD); fi
+          if [[ -z "$head_sha" ]]; then head_sha=HEAD; fi
+
+          git diff --name-status "$base_sha" "$head_sha" \
+            | grep -E '^(A|M)\s+.*\.template\.json$' \
+            | awk '{print $2}' > changed_files.txt || true
+
+          while IFS= read -r file; do
+            if [ -f "$file" ]; then
+              safe_name=$(echo "$file" | sed 's|/|_|g')
+              cp "$file" "changed_templates/$safe_name"
+            else
+              echo "::warning::Changed file not found in workspace: $file"
+            fi
+          done < changed_files.txt
+
+          if [ -s changed_files.txt ]; then
+            echo "files_changed=true" >> $GITHUB_OUTPUT
+          else
+            echo "files_changed=false" >> $GITHUB_OUTPUT
+          fi
+  
+      - name: Install cfn-guard
+        if: steps.filter_files.outputs.files_changed == 'true'
+        run: |
+          mkdir -p $HOME/.local/bin
+          curl -L -o cfn-guard.tar.gz https://github.com/aws-cloudformation/cloudformation-guard/releases/latest/download/cfn-guard-v3-x86_64-ubuntu-latest.tar.gz
+          tar -xzf cfn-guard.tar.gz
+          mv cfn-guard-v3-*/cfn-guard $HOME/.local/bin/cfn-guard
+          chmod +x $HOME/.local/bin/cfn-guard
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+  
+      - name: Install & Build security-guardian
+        if: steps.filter_files.outputs.files_changed == 'true'
+        run: yarn install --frozen-lockfile && cd tools/@aws-cdk/security-guardian && yarn build
+
+      - name: Run cfn-guard if templates changed
+        if: steps.filter_files.outputs.files_changed == 'true'
+        uses: ./tools/@aws-cdk/security-guardian
+        with:
+          data_directory: './changed_templates'
+          rule_set_path: './tools/@aws-cdk/security-guardian/rules/trust_scope_rules.guard'
+          show_summary: 'fail'
+          output_format: 'single-line-summary'
@@ -63,9 +63,9 @@ pull_request_rules:
   - name: label core
     actions:
       label:
-        add: [ contribution/core ]
+        add: [contribution/core]
     conditions:
-      - author~=^(rix0rrr|iliapolo|otaviomacedo|kaizencc|TheRealAmazonKendra|mrgrain|pahud|ashishdhingra|kellertk|moelasmar|paulhcsun|GavinZZ|xazhao|gracelu0|shikha372|QuantumNeuralCoder|godwingrs22|bergjaak|samson-keung|IanKonlog|Leo10Gama|scorbiere|jiayiwang7|saiyush|5d|iankhou|SimonCMoore)$
+      - author~=^(rix0rrr|iliapolo|otaviomacedo|kaizencc|TheRealAmazonKendra|mrgrain|pahud|ashishdhingra|kellertk|moelasmar|paulhcsun|GavinZZ|xazhao|gracelu0|shikha372|QuantumNeuralCoder|godwingrs22|bergjaak|samson-keung|IanKonlog|Leo10Gama|scorbiere|jiayiwang7|saiyush|5d|iankhou|SimonCMoore|Y-JayKim)$
       - -label~="contribution/core"
   - name: automatic merge
     actions:
@@ -190,3 +190,14 @@ pull_request_rules:
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
       - status-success=validate-pr
+priority_rules:
+  - name: priority for queue `default-merge`
+    conditions:
+      - -label~=(blocked|do-not-merge)
+      - label~=no-squash
+    priority: 2500
+  - name: priority for queue `priority-squash`
+    conditions:
+      - -label~=(blocked|do-not-merge|no-squash)
+      - label~=priority-pr
+    priority: 2250
@@ -2,6 +2,70 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.191.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.190.0-alpha.0...v2.191.0-alpha.0) (2025-04-22)
+
+
+### Features
+
+* **location:** throw ValidationError instead of untyped errors ([#34174](https://github.com/aws/aws-cdk/issues/34174)) ([2ecf14a](https://github.com/aws/aws-cdk/commit/2ecf14a0c3e5a988532975536980d81589ea448e))
+* **msk:** throw ValidationError instead of untyped errors ([#34214](https://github.com/aws/aws-cdk/issues/34214)) ([02cb5a4](https://github.com/aws/aws-cdk/commit/02cb5a4284e9aad2f8cc4fc8fcb2c1aebe8f92be))
+
+## [2.190.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.189.1-alpha.0...v2.190.0-alpha.0) (2025-04-16)
+
+
+### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
+
+* **ec2-alpha:** The logical ID for the NAT Gateway, defined using the `addNatGateways` method, will be changed, resulting in the NAT Gateway being recreated. Additionally, the domain for the Elastic IP (EIP) will be set to `vpc`, which will also trigger its recreation in the account.
+
+### Features
+
+* **ec2:** enabling features for ipv6 and dualstack support with corresponding unit tests ([#33898](https://github.com/aws/aws-cdk/issues/33898)) ([47a65db](https://github.com/aws/aws-cdk/commit/47a65dbf00ce2a866be2546dcca5be818db70824)), closes [#3873](https://github.com/aws/aws-cdk/issues/3873) [#33493](https://github.com/aws/aws-cdk/issues/33493) [#33493](https://github.com/aws/aws-cdk/issues/33493)
+* **ec2:** throw ValidationErrors instead of untyped Errors ([#34127](https://github.com/aws/aws-cdk/issues/34127)) ([93313dd](https://github.com/aws/aws-cdk/commit/93313dded1d719691689c6fb59d7a7a77bb7dade))
+* **neptune-alpha:** add engine versions up to v1.4.5.0  ([#33989](https://github.com/aws/aws-cdk/issues/33989)) ([07f1d0a](https://github.com/aws/aws-cdk/commit/07f1d0a9d381fb9bceab0f836a2f1eb7977610c7)), closes [#33807](https://github.com/aws/aws-cdk/issues/33807)
+
+
+### Bug Fixes
+
+* **ec2-alpha:** add multiple NATGW to the VPC using addNatGateway method ([#34094](https://github.com/aws/aws-cdk/issues/34094)) ([ccd8de7](https://github.com/aws/aws-cdk/commit/ccd8de71c02068e43d36e2445dbb5e51f4aa695b))
+* **ec2-alpha:** update default config for Subnet's `assignIpv6AddressOnCreation` ([#34116](https://github.com/aws/aws-cdk/issues/34116)) ([dff2798](https://github.com/aws/aws-cdk/commit/dff279800edd9688fa5de04766ae2667472fe861))
+
+## [2.189.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.189.0-alpha.0...v2.189.1-alpha.0) (2025-04-14)
+
+## [2.189.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.188.0-alpha.0...v2.189.0-alpha.0) (2025-04-09)
+
+
+### Features
+
+* **ec2-alpha:** implement mapPublicIpOnLaunch prop in SubnetV2 ([#34057](https://github.com/aws/aws-cdk/issues/34057)) ([836c5cf](https://github.com/aws/aws-cdk/commit/836c5cf3e4c627f817e4dc8ed2af28a5bba54792)), closes [#32159](https://github.com/aws/aws-cdk/issues/32159)
+
+
+### Bug Fixes
+
+* **amplify:** unable to re-run integ test due to missing `status` field in `customRule` ([#33973](https://github.com/aws/aws-cdk/issues/33973)) ([6638c08](https://github.com/aws/aws-cdk/commit/6638c08d56afe7ecc4f23cff4cf334b887001e5e)), closes [#33962](https://github.com/aws/aws-cdk/issues/33962)
+
+## [2.188.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.187.0-alpha.0...v2.188.0-alpha.0) (2025-04-03)
+
+
+### Features
+
+* **ec2:** add mailmanager vpc endpoints ([#33996](https://github.com/aws/aws-cdk/issues/33996)) ([7ee77d7](https://github.com/aws/aws-cdk/commit/7ee77d71df569d21c280866976109333e3266132))
+* **eks-v2-alpha:** add new nodegroup ami type ([#34025](https://github.com/aws/aws-cdk/issues/34025)) ([864a7c6](https://github.com/aws/aws-cdk/commit/864a7c6f6811777971d1349e7552567604167f02))
+
+
+### Bug Fixes
+
+* **ec2-alpha:** addInternetGW handles shared route table for subnets ([#33824](https://github.com/aws/aws-cdk/issues/33824)) ([3154d01](https://github.com/aws/aws-cdk/commit/3154d016ba31455f2d57ff5d90ee7b394c25e88f)), closes [#33672](https://github.com/aws/aws-cdk/issues/33672)
+
+## [2.187.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.186.0-alpha.0...v2.187.0-alpha.0) (2025-03-31)
+
+
+### Features
+
+* **apprunner:** throw ValidationError instead of untyped errors ([#33914](https://github.com/aws/aws-cdk/issues/33914)) ([38f89af](https://github.com/aws/aws-cdk/commit/38f89afe2ffdf67b0918e38f861166bdb0f8738f))
+* **ec2:** adding `placementGroup` to `LaunchTemplateProps` and `LaunchTemplate` ([#33726](https://github.com/aws/aws-cdk/issues/33726)) ([e5f71db](https://github.com/aws/aws-cdk/commit/e5f71db53ce985172e565eb9da5692d77ab7b268)), closes [#33721](https://github.com/aws/aws-cdk/issues/33721)
+* **ec2:** support the new `SupportedRegions` property for `AWS::EC2::VPCEndpointService` ([#33959](https://github.com/aws/aws-cdk/issues/33959)) ([0c77cb6](https://github.com/aws/aws-cdk/commit/0c77cb627e1e7e729205624a9603331f5442af8e))
+* **iot:** backfill enum values in iot module ([#33969](https://github.com/aws/aws-cdk/issues/33969)) ([2a8a8a3](https://github.com/aws/aws-cdk/commit/2a8a8a36ed872f7f3de4b24fd7d9c874a3da9dbf))
+
 ## [2.186.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.185.0-alpha.0...v2.186.0-alpha.0) (2025-03-26)