aws-cdk-automation
Collaborator

@aws-cdk-automation aws-cdk-automation commented Mar 31, 2025

See CHANGELOG

clayrosenthal and others added 10 commits March 28, 2025 01:34
…chTemplate` (#33726)

### Issue # (if applicable)

Closes #33721

### Reason for this change

To allow for passing `PlacementGroup`s to `LaunchTemplate`s


### Description of changes

Adding `placementGroup` to `LaunchTemplateProps`. I chose to only implement this part of the `placement` field in LaunchTemplates, not doing anything with dedicated hosts or the like, as those don't have any CDK constructs. This change enables creating a `PlacementGroup` and passing it to a `LaunchTemplate`

### Describe any new or updated permissions being added

None


### Description of how you validated changes

Added a unit test, ran the existing tests as well.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change

CDK apps have access to an informative env variable, containing the version of the CLI running the app. With the release of the CDK Toolkit Library, this value does not always represent what it should. As a future replacement, we are introducing a new env variable that will contain the version and package name of the package

### Description of changes

Add a new env var name to `cx-api` to support a generic toolkit version. This value will contain the package name and version:

"<package>@x.y.z", e.g. "[email protected]" or "@aws-cdk/[email protected]"

### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

n/a

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…:VPCEndpointService` (#33959)

### Issue # (if applicable)

N/A

### Reason for this change

Supporting the new L1 property in the L2 construct

### Description of changes

Added a new L2 prop - `allowedRegions` - which is of type `string[]`. It gets passed to the L1 `SupportedRegions` property.

### Describe any new or updated permissions being added

none

### Description of how you validated changes

Unit tests and integ test

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #33952

### Reason for this change

Allow users to retain table replica

### Description of changes

By default, we will retain the table replica if the table is retained. Otherwise, the replica will be deleted by default.

Users can optionally use the new field to set replica to destroy even if table is retain.

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

New integ tests and unit tests

### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change

The current enum updater workflow is broken. The PR is to fix that and add some other improvements.

### Description of changes

- Fix enum updater workflow
- add exclusion list so some enum values can be excluded from generation of the tool
- bug fix


### Description of how you validated changes



### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Since Nested Stack names are Tokens (resolving to `{ Ref: 'AWS::StackName' }`), if we use `this.stackName` as the asset name just like we do for regular stacks, we end up with Tokens in the display name of the nested stack template asset.

This is pointless because the token will not be resolved and look like `${Token[TOKEN.639]}`; plus, it breaks tests because the Token numbers are different on every run. In CDK Pipelines, it would also lead to the pipeline restarting on every pipeline run.

Instead, test for and reject Tokens, and use the nested stack's construct path instead just like we do for other assets.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Description of changes

feat(iot): backfill enum values in iot module

CFN Doc: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-scheduledaudit.html#cfn-iot-scheduledaudit-dayofweek

### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Follow up to this PR to add feature flag #33953
…rce (#33983)

### Issue # (if applicable)

GHSA GHSA-qq4x-c6h6-rfxh 

### Reason for this change

## Problem Summary
Cognito User Pool Client secret being logged by a custom resource lambda function in the AWS Cloud Development Kit (CDK).

## Root Cause
If the customer opts to generate a secret for the app client and refers to the field userPoolClientSecret, the getter method in CDK get userPoolClientSecret() triggers the creation of an AwsCustomResource to retrieve the client secret using an SDK API call (describeUserPoolClient). However, the API response includes the client secret value, which gets logged in the Lambda function.

### Description of changes

- Change the logging behaviour in custom resource to hide logging of data associated with the API call response using Logging.withDataHidden().
- Add feature flag `@aws-cdk/cognito:logUserPoolClientSecretValue` to keep the existing logging behaviour for customers, by default the value is set to false to fix the identified vulnerability.

### Describe any new or updated permissions being added

None


### Description of how you validated changes

- Added unit test for both cases of feature flag.
- Modified integ test with overridden feature flag default value.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
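The advisory above describes the failure mode exactly: a custom resource calls `describeUserPoolClient`, and because the Lambda logs the whole API response, the `ClientSecret` field lands in CloudWatch Logs. The CDK fix is to pass `Logging.withDataHidden()` so the response data is never written. The block below is an added, standalone TypeScript example (not CDK code and not the implementation of `Logging.withDataHidden()`) that shows the naive "log the response" pattern beside two safer alternatives, a field-level redaction and a data-hidden log line, plus a small check a log reviewer can use to confirm a known secret value is absent from a line. The response shape and every value in it are constructed for the example; the list of sensitive key names is this example's own choice.

```typescript
// Added example, not CDK code: why logging a raw describeUserPoolClient
// response leaks the app client secret, and two ways to log safely.

type Json = string | number | boolean | null | Json[] | { [key: string]: Json };

// Constructed sample shaped like a DescribeUserPoolClient response.
// Every value is fake and exists only to drive the example.
const SAMPLE_RESPONSE: Json = {
  UserPoolClient: {
    UserPoolId: 'us-east-1_EXAMPLE',
    ClientId: 'example1234567890abcdef',
    ClientName: 'my-app-client',
    ClientSecret: 'EXAMPLE-SECRET-VALUE-do-not-use',
    GenerateSecret: true,
    AllowedOAuthFlows: ['code'],
  },
};

// Field names whose values must never reach a log line (case-insensitive).
// This list is the example's own choice, not a CDK constant.
const SENSITIVE_KEYS = new Set([
  'clientsecret', 'secret', 'password', 'token', 'accesstoken', 'secretaccesskey',
]);

const REDACTED = '[REDACTED]';

// Walk the response tree and replace values under sensitive keys, keeping the
// shape so the log line still helps when debugging non-secret fields.
function redact(value: Json): Json {
  if (Array.isArray(value)) {
    return value.map((item) => redact(item));
  }
  if (value !== null && typeof value === 'object') {
    const out: { [key: string]: Json } = {};
    for (const [key, child] of Object.entries(value)) {
      out[key] = SENSITIVE_KEYS.has(key.toLowerCase()) ? REDACTED : redact(child);
    }
    return out;
  }
  return value;
}

// "Before": the pattern behind the advisory. The entire API response,
// secret included, is serialised into the function's log.
function naiveLogLine(response: Json): string {
  return `Response: ${JSON.stringify(response)}`;
}

// "After", option 1: same statement, but the data is scrubbed first.
function redactedLogLine(response: Json): string {
  return `Response: ${JSON.stringify(redact(response))}`;
}

// "After", option 2: the strictest choice and the spirit of hiding response
// data entirely. Log only that a response arrived and which top-level keys
// it carried, never the values.
function dataHiddenLogLine(response: Json): string {
  const keys =
    response !== null && typeof response === 'object' && !Array.isArray(response)
      ? Object.keys(response)
      : [];
  return `Response received (data hidden), top-level keys: ${keys.join(', ')}`;
}

// Log-review helper: does a captured log line contain a known secret value?
// Useful when checking whether an existing deployment already leaked one.
function lineExposesSecret(line: string, secret: string): boolean {
  return secret.length > 0 && line.includes(secret);
}

// Standalone demonstration.
const demoSecret = 'EXAMPLE-SECRET-VALUE-do-not-use';
console.log(naiveLogLine(SAMPLE_RESPONSE)); // leaks the secret
console.log(redactedLogLine(SAMPLE_RESPONSE)); // ClientSecret shows as [REDACTED]
console.log(dataHiddenLogLine(SAMPLE_RESPONSE)); // no values at all
console.log('naive line leaks secret:', lineExposesSecret(naiveLogLine(SAMPLE_RESPONSE), demoSecret));
console.log('redacted line leaks secret:', lineExposesSecret(redactedLogLine(SAMPLE_RESPONSE), demoSecret));
```

Field-level redaction keeps logs useful but depends on the key list being complete, which is why hiding the response data outright (what the advisory's fix does) is the safer default for custom resources that only exist to fetch a credential. Whichever option is used, rotating any secret that was already written to a log is the remediation step the code change itself cannot perform.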
@aws-cdk-automation aws-cdk-automation requested a review from a team as a code owner March 31, 2025 17:59
@aws-cdk-automation aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels Mar 31, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team March 31, 2025 17:59
@github-actions github-actions bot added the p2 label Mar 31, 2025
@Leo10Gama Leo10Gama added the pr/do-not-merge This PR should not be merged at this time. label Mar 31, 2025
@Leo10Gama Leo10Gama removed the pr/do-not-merge This PR should not be merged at this time. label Mar 31, 2025
@aws-cdk-automation
Collaborator Author

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 53d1dc7
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Contributor

mergify bot commented Mar 31, 2025

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 6a6dbb5 into v2-release Mar 31, 2025
14 checks passed
@mergify mergify bot deleted the bump/2.187.0 branch March 31, 2025 18:44
@github-actions
Contributor

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 31, 2025