@vishaalmehrishi

Replacement for #35155, which was closed due to stuck workflows (see #35155 (comment)).

phuhung273 and others added 28 commits July 29, 2025 15:00
### Issue # (if applicable)
None

### Reason for this change
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versionsARM.html
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versionsx86-64.html

### Description of changes
Add missing insights version

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…5115)

### Issue # (if applicable)

Closes #35098 

### Reason for this change



PR Builds are blocked due to Rosetta runs stage

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change



Make mergify wait for the CodeBuild step to finish

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ources (#35023)

### Issue
Related to #33054 

### Reason for this change

This adds L2 construct support for S3 Tables Namespace and Table resources

### Description of changes




- `Namespace`: defines an underlying [CfnNamespace L1 Resource](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3tables.CfnNamespace.html)
- `Table`: defines an underlying [CfnTable L1 Resource](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3tables.CfnTable.html)

These L2 constructs improve the user experience with strong type safety for input properties, more fail-fast validations, and the ability to import existing resources into CDK.

#### Example Usage

```ts
// Build a namespace
const sampleNamespace = new Namespace(scope, 'ExampleNamespace', {
    namespaceName: 'example-namespace-1',
    tableBucket: tableBucket,
});

// Build a table
const sampleTable = new Table(scope, 'ExampleTable', {
    tableName: 'example_table',
    namespace: sampleNamespace,
    openTableFormat: OpenTableFormat.ICEBERG,
    withoutMetadata: true,
});

// Build a table with an Iceberg Schema
const sampleTableWithSchema = new Table(scope, 'ExampleSchemaTable', {
    tableName: 'example_table_with_schema',
    namespace: sampleNamespace,
    openTableFormat: OpenTableFormat.ICEBERG,
    icebergMetadata: {
        icebergSchema: {
            schemaFieldList: [
                {
                    name: 'id',
                    type: 'int',
                    required: true,
                },
                {
                    name: 'name',
                    type: 'string',
                },
            ],
        },
    },
    compaction: {
        status: Status.ENABLED,
        targetFileSizeMb: 128,
    },
    snapshotManagement: {
        status: Status.ENABLED,
        maxSnapshotAgeHours: 48,
        minSnapshotsToKeep: 5,
    },
});
```

### Describe any new or updated permissions being added


No permissions are being added with these changes.

### Description of how you validated changes


- Added unit test coverage for new constructs
- Added integration tests with default and explicit props

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #34230

### Reason for this change

This field is confusing customers and also makes for a bad experience, since it gave them downtime for their application. Besides this, if there's a deployment failure the ARecord will not roll back and will be deleted forever until the user manually creates one; at the moment there's no way to make it rollbackable.

### Description of changes

Deprecating property in ARecord construct

### Describe any new or updated permissions being added

N/A


### Description of how you validated changes

N/A
### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
…roviderProps (#35110)

Fixes #35049

The deprecated 'role' property in ProviderProps interface had incorrect JSDoc @deprecated comment referencing non-existent property names:
- frameworkOnEventLambdaRole (incorrect)
- frameworkIsCompleteLambdaRole (incorrect) 
- frameworkOnTimeoutLambdaRole (incorrect)

Updated to reference the correct property names:
- frameworkOnEventRole
- frameworkCompleteAndTimeoutRole

This improves developer experience by providing accurate migration guidance when using the deprecated role property.

## Issue # (if applicable)

Closes #35049.

## Reason for this change

The JSDoc `@deprecated` comment for the `role` property in the `ProviderProps` interface contained incorrect property names that don't exist in the interface. This misleads developers who are trying to migrate away from the deprecated property, causing confusion and potential implementation errors.

## Description of changes

**Files Modified:**
- `packages/aws-cdk-lib/custom-resources/lib/provider-framework/provider.ts` (line 126)

**Changes Made:**
Updated the JSDoc `@deprecated` comment from:
```typescript
@deprecated - Use frameworkOnEventLambdaRole, frameworkIsCompleteLambdaRole, frameworkOnTimeoutLambdaRole
```

To:
```typescript
@deprecated - Use frameworkOnEventRole, frameworkCompleteAndTimeoutRole
```

**Why these changes address the issue:**
- The corrected property names (`frameworkOnEventRole` and `frameworkCompleteAndTimeoutRole`) actually exist in the `ProviderProps` interface
- These are the proper replacement properties that developers should use instead of the deprecated `role` property
- The fix aligns the documentation with the actual API, preventing developer confusion

**Alternatives considered:**
- No alternatives were considered as this is a straightforward documentation correction to match existing interface properties

**Design decisions:**
- This is purely a documentation fix with no functional changes
- The corrected property names were verified against the actual interface definition and existing test cases

## Describe any new or updated permissions being added

No new or updated IAM permissions are needed. This is a documentation-only change that corrects JSDoc comments.

## Description of how you validated changes

**Build Validation:**
- ✅ Module builds successfully (`yarn build` in custom-resources)
- ✅ JSII compilation passes without errors
- ✅ ESLint passes without warnings

**Property Name Verification:**
- ✅ Confirmed `frameworkOnEventRole` exists in the `ProviderProps` interface (lines 147-154)
- ✅ Confirmed `frameworkCompleteAndTimeoutRole` exists in the `ProviderProps` interface (lines 156-166)
- ✅ Verified these properties are used in existing unit tests (`packages/aws-cdk-lib/custom-resources/test/provider-framework/provider.test.ts`)

**Documentation Impact:**
- ✅ JSDoc comments now reference actual interface properties
- ✅ Generated language bindings will reflect corrected documentation
- ✅ IDE tooltips will show accurate migration guidance

## Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change

The parameter name `_` caused jsii processing issues for Java versions newer than version 9. This is because `_` is a preserved keyword there.

### Description of changes

Renamed parameter from `_` to `_scope` instead.

### Describe any new or updated permissions being added

No new permissions are added.

### Description of how you validated changes

N/A

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
### Reason for this change



Both PR Build workflow files have the same job name, which is confusing mergify

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change

Add support for newly supported 8.0.mysql_aurora.3.10.0.

### Description of changes

Add a new version as a new property to AuroraMysqlEngineVersion class.

### Description of how you validated changes

I used the AWS CLI to verify that the new version is available.
```
aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[?EngineVersion=='8.0.mysql_aurora.3.10.0']"
[
    {
        "Engine": "aurora-mysql",
        "EngineVersion": "8.0.mysql_aurora.3.10.0",
        "DBParameterGroupFamily": "aurora-mysql8.0",
        "DBEngineDescription": "Aurora MySQL",
        "DBEngineVersionDescription": "Aurora MySQL 3.10.0 (compatible with MySQL 8.0.42)",
        "ValidUpgradeTarget": [],
        "ExportableLogTypes": [
            "audit",
            "error",
            "general",
            "iam-db-auth-error",
            "instance",
            "slowquery"
        ],
        "SupportsLogExportsToCloudwatchLogs": true,
        "SupportsReadReplica": false,
        "SupportedEngineModes": [
            "provisioned"
        ],
        "SupportedFeatureNames": [
            "Bedrock"
        ],
        "Status": "available",
        "SupportsParallelQuery": true,
        "SupportsGlobalDatabases": true,
        "MajorEngineVersion": "8.0",
        "SupportsBabelfish": false,
        "SupportsLimitlessDatabase": false,
        "SupportsCertificateRotationWithoutRestart": true,
        "SupportedCACertificateIdentifiers": [
            "rds-ca-ecc384-g1",
            "rds-ca-rsa4096-g1",
            "rds-ca-rsa2048-g1"
        ],
        "SupportsLocalWriteForwarding": true,
        "SupportsIntegrations": true,
        "ServerlessV2FeaturesSupport": {
            "MinCapacity": 0.0,
            "MaxCapacity": 256.0
        }
    }
]
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
#35048)

### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change

This PR introduces comprehensive support for Amazon Bedrock Inference Profiles in the AWS CDK Bedrock Alpha construct library, addressing the need for better cost tracking, model usage optimization, and cross-region inference capabilities.

### Description of changes

1. **Application Inference Profiles**: Added support for user-defined inference profiles that enable cost tracking and model usage monitoring

    - Single-region application profiles for basic cost tracking
    - Multi-region application profiles using cross-region inference profiles

2. **Cross-Region Inference Profiles**: Implemented system-defined profiles that enable seamless traffic distribution across multiple AWS regions

    - Support for handling unplanned traffic bursts
    - Enhanced resilience during peak demand periods
    - Geographic region-based routing (US, EU regions)

3. **Prompt Routers**: Added intelligent prompt routing capabilities


### Describe any new or updated permissions being added

Implemented `grantProfileUsage()` method for proper IAM permission handling

- Support for granting inference profile usage to other AWS resources
- Proper IAM policy generation for profile access


### Description of how you validated changes

Added unit test
Added integ test
And tested it with a cdkApp deployment.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue #34907

Closes #34907.

### Reason for this change

Changelog generation sometimes treats stable changes as alpha changes.

### Description of changes

- "BREAKING CHANGE TO EXPERIMENTAL CHANGES" is changed to just "BREAKING CHANGES"; there's no guarantee that all breaking changes are limited to alpha modules.
- alpha package scopes will not be treated as equal to stable package scopes.
- The phrase "CHANGES TO L1 RESOURCES" will be treated as a note group similar to "BREAKING CHANGES". The description of L1 change commits should use the phrase "CHANGES TO L1 RESOURCES" instead of "BREAKING CHANGES".

### Describe any new or updated permissions being added

No new permissions are added.


### Description of how you validated changes

Unit tests added.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Related to #33623.

### Reason for this change

CDK has announced end of support for Node.js 14.x and 16.x on May 30th, 2025.

### Description of changes

- Marked Node 16 as deprecated in the custom resource provider (annotation)
- Updated the linter rule
- Replaced node versions in package.json
- Ran the linter to verify



### Description of how you validated changes

Ran the linter

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

N/A

### Reason for this change

Add new field to feature flag report for the `cdk flags` CLI tool.

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

N/A

### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…35061)

### Issue # (if applicable)

Closes #35010 

### Reason for this change



Introducing ECS native B/G deployment support in L2 constructs.

https://aws.amazon.com/blogs/aws/accelerate-safe-software-releases-with-new-built-in-blue-green-deployments-in-amazon-ecs/

### Description of changes



Introduced the following properties to `base-service.ts`:
- LoadBalancer
  - AdvancedConfiguration: https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-ecs-service-loadbalancer.html#cfn-ecs-service-loadbalancer-advancedconfiguration

- DeploymentConfiguration
  - Strategy: https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-ecs-service-deploymentconfiguration.html#cfn-ecs-service-deploymentconfiguration-strategy
  - BakeTime: https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-ecs-service-deploymentconfiguration.html#cfn-ecs-service-deploymentconfiguration-baketimeinminutes
  - LifecycleHooks: https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-ecs-service-deploymentconfiguration.html#cfn-ecs-service-deploymentconfiguration-lifecyclehooks

- ServiceConnect
  - TestTrafficRules: https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-ecs-service-serviceconnectclientalias.html#cfn-ecs-service-serviceconnectclientalias-testtrafficrules


### Describe any new or updated permissions being added




### Description of how you validated changes



Add unit tests and an integration test

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…d through to deployment role name (#35118)

### Issue #28195 

Closes #28195 

### Reason for this change

When passing `bootstrapQualifier` in props to `AppStagingSynthesizer.defaultResources`, the synthesizer would still use the default qualifier `'hnb659fds'` when looking for bootstrap roles.

### Description of changes


`BootstraplessSynthesizer` is modified to take `qualifier` as an optional argument (if not provided, default bootstrap qualifier 'hnb659fds' is used).

The `bootstrapQualifier` is passed to `BootstraplessSynthesizer`, which is called in `AppStagingSynthesizer.defaultResources()`.

These changes ensure that calls to `AppStagingSynthesizer.defaultResources` using the `bootstrapQualifier` will use the qualifier in the deployment and CloudFormation execution roles instead of the default qualifier 'hnb659fds'.

### Describe any new or updated permissions being added

None.


### Description of how you validated changes

Added unit tests for:
- `BootstraplessSynthesizer`, which now optionally takes `qualifier` as an option
- `AppStagingSynthesizer`, which passes `qualifier` to `BootstraplessSynthesizer`

Tested by hand in a personal dev account.

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…34906)

### Issue # (if applicable)
N/A

### Reason for this change
Currently, the fromLookup method uses `DBSecurityGroups`, which is designed for EC2-Classic resources. 
However, since EC2-Classic was retired, this property is no longer relevant.

Reference: 
* https://repost.aws/questions/QUK2WnHCaYQxqkXbDBS5fODA/is-it-still-ok-to-use-aws-rds-dbsecuritygroup-in-cloudformation-templates
* https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/TemplateReference/aws-resource-rds-dbsecuritygroupingress.html



### Description of changes
Added `VPCSecurityGroups` to the `fromLookup` method to properly handle VPC security group lookups.



### Describe any new or updated permissions being added
N/A



### Description of how you validated changes
Add unit tests and an integ test.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change

There is currently an issue with the Go language integration of jsii v1.113.0.

### Description of changes

Downgrading to v1.112.0

### Describe any new or updated permissions being added

No new permissions are added.

### Description of how you validated changes

N/A

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR updates the CDK enum mapping file.
Improve subprocess handling in EKS Helm custom resource handler.

### Reason for this change

The EKS Helm custom resource handler used `shell=True` with subprocess calls, which is not aligned with security best practices. Following Python's recommended approach for subprocess execution improves code robustness and follows secure coding guidelines.

### Description of changes

**Refactor subprocess execution to follow Python best practices**
https://docs.python.org/3/library/subprocess.html#replacing-shell-pipeline

- **Replaced shell command strings with array-based commands**: Refactored `get_oci_cmd()` to return structured command objects instead of shell strings
- **Implemented proper subprocess pipelines**: Used `Popen` with `PIPE` to chain `aws ecr get-login-password` and `helm registry login` commands following Python documentation recommendations
- **Removed `shell=True`**: Adopted array-based command execution as recommended by Python subprocess documentation
- **Maintained functionality**: Preserved all existing behavior for private ECR, public ECR, and fallback scenarios

**Files modified:**
- `packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/kubectl-handler/helm/__init__.py`
- `packages/@aws-cdk/aws-eks-v2-alpha/lib/kubectl-handler/helm/__init__.py`
- `packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/asset.*/helm/__init__.py`

**Technical approach:**
- Commands are now built as arrays: `['helm', 'pull', repository, '--version', version, '--untar']`
- Pipeline implementation follows Python subprocess best practices using `Popen` with proper `PIPE` connections
- User inputs are passed as separate array elements, ensuring proper argument handling

### Describe any new or updated permissions being added

No new IAM permissions required. The change maintains the same AWS API calls and functionality.

### Description of how you validated changes

- **Functionality testing**: Confirmed that ECR authentication and Helm chart pulling continues to work correctly for all scenarios
- **Code review**: Verified implementation follows Python subprocess best practices as documented in the Python documentation
- **Compatibility testing**: Ensured backward compatibility with existing CDK Helm chart deployments

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
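
The refactor described in the commit message above, as an added example (not the handler's code from the PR): the `shell=True` pattern beside the array-based form and the `Popen`/`PIPE` pipeline. `FAKE_HELM`, `FAKE_ECR_TOKEN` and the function names are stand-ins so it runs offline on a POSIX system; the leading-dash check goes beyond what the commit message describes.

```python
import json
import shlex
import subprocess
import sys
from subprocess import DEVNULL, PIPE, Popen

# Stand-ins so the example runs offline (assumptions, not the handler's code):
# FAKE_HELM reports the argv and stdin it received as JSON; FAKE_ECR_TOKEN
# plays the role of `aws ecr get-login-password` and emits a constructed token.
_REPORT = "import json,sys; print(json.dumps({'argv': sys.argv[1:], 'stdin': sys.stdin.read()}))"
FAKE_HELM = [sys.executable, "-c", _REPORT]
FAKE_ECR_TOKEN = [sys.executable, "-c", "print('constructed-token', end='')"]


def pull_with_shell(repository, version):
    """'Before' pattern: the command is one string parsed by /bin/sh (POSIX)."""
    helm = " ".join(shlex.quote(part) for part in FAKE_HELM)
    cmd = f"{helm} pull {repository} --version {version} --untar"
    out = subprocess.run(cmd, shell=True, stdin=DEVNULL, capture_output=True,
                         text=True, check=True).stdout.splitlines()
    # First line is what helm saw; anything after it came from other commands
    # the shell decided to run.
    return {"helm_argv": json.loads(out[0])["argv"], "other_output": out[1:]}


def helm_pull_cmd(repository, version):
    """'After' pattern: each value is exactly one argv element, no shell."""
    for value in (repository, version):
        # List form stops shell parsing, not option parsing by the program.
        if value.startswith("-"):
            raise ValueError(f"refusing option-like value: {value!r}")
    return FAKE_HELM + ["pull", repository, "--version", version, "--untar"]


def pull_with_argv(repository, version):
    """Run the array-based command and return the argv the program received."""
    out = subprocess.run(helm_pull_cmd(repository, version), stdin=DEVNULL,
                         capture_output=True, text=True, check=True).stdout
    return json.loads(out)["argv"]


def registry_login(registry):
    """`aws ecr get-login-password | helm registry login ...` without a shell."""
    login = FAKE_HELM + ["registry", "login", "--username", "AWS",
                         "--password-stdin", registry]
    producer = Popen(FAKE_ECR_TOKEN, stdout=PIPE)
    consumer = Popen(login, stdin=producer.stdout, stdout=PIPE, text=True)
    producer.stdout.close()  # consumer now holds the only read end of the pipe
    out, _ = consumer.communicate()
    # A shell pipeline reports only the last exit status; check both here.
    if producer.wait() != 0 or consumer.returncode != 0:
        raise RuntimeError("registry login pipeline failed")
    return json.loads(out)


if __name__ == "__main__":
    value = "oci://registry.example/chart; echo INJECTED"  # constructed input
    print(pull_with_shell(value, "1.0.0"))
    print(pull_with_argv(value, "1.0.0"))
    print(registry_login("registry.example"))
```

With the constructed input, the string form hands `helm` a truncated repository and lets the shell run the remainder as a second command, while the array form delivers the whole value as one argument and the token reaches `helm` on stdin rather than in its argv.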
Improve subprocess handling in EKS Helm custom resource handler.

Same PR as: #35141

… capacity (#35152)

### Issue # (if applicable)

N/A

### Reason for this change

When support for the Windows Server Core 2022 image in AWS CodeBuild was initially added in #29754, the image type was not yet available for use with on-demand capacity.

This has now changed apparently (and tested), so we can remove the validation preventing use.
Additionally removed a future-looking test, since it is bad practice to add validations for the future without clearly documented evidence that this is going to happen.

I've searched the current docs, and there's no note whatsoever that Windows Server Core 2022 images are not supported with on-demand capacity.

### Description of changes

- Added Windows Server Core 2022 image support to the CodeBuild project configuration
- Updated integration tests to include the new Windows Core 2022 image variant
- Updated test snapshots to reflect the new image option

### Describe any new or updated permissions being added

No new or updated IAM permissions are required for this change.

### Description of how you validated changes

- Updated integration tests to include Windows Server Core 2022 image
- Executed updated integration test to validate the configuration and updated test snapshots 
- Existing unit tests continue to pass

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@vishaalmehrishi vishaalmehrishi requested a review from a team as a code owner August 5, 2025 17:43
@aws-cdk-automation aws-cdk-automation requested a review from a team August 5, 2025 17:44
@github-actions github-actions bot added the p2 label Aug 5, 2025
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Aug 5, 2025
@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Aug 5, 2025
@aws-cdk-automation aws-cdk-automation left a comment

The pull request linter fails with the following errors:

❌ Manual changes to the classes.ts file are not allowed.
❌ Manual changes to the enums.ts file are not allowed.
❌ Manual changes to the module-enums.json file are not allowed.
❌ Manual changes to the module-enumlikes.json file are not allowed.

If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.

✅ An exemption request has been requested. Please wait for a maintainer's review.

@aws-cdk-automation aws-cdk-automation removed the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Aug 5, 2025
vishaalmehrishi commented Aug 5, 2025

Exemption Request: the changes here are the same as in #35155 which was created by automation. That PR had to be discarded due to stuck workflows likely caused by a GitHub issue.

@aws-cdk-automation aws-cdk-automation added pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. pr/needs-maintainer-review This PR needs a review from a Core Team Member labels Aug 5, 2025
@aemada-aws aemada-aws removed the pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. label Aug 5, 2025
@aws-cdk-automation aws-cdk-automation removed the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Aug 5, 2025
@vishaalmehrishi vishaalmehrishi dismissed aws-cdk-automation’s stale review August 5, 2025 18:07

As mentioned in the PR, this is a manually-created replica of automatically-generated changes. The PR has been approved by a maintainer, who has also removed the pr-linter/exemption-requested label, indicating that the exemption has been granted.

Normally, this is followed by adding a specific exemption label, such as pr-linter/exempt-readme; however, there is no specific exemption label for the exemption requested on this PR. As a result of this, I am dismissing the review to unblock the merge and release.

@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 66351ce
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@vishaalmehrishi vishaalmehrishi dismissed aws-cdk-automation’s stale review August 5, 2025 18:16

As mentioned in the PR, this is a manually-created replica of automatically-generated changes. The PR has been approved by a maintainer, who has also removed the pr-linter/exemption-requested label, indicating that the exemption has been granted.

Normally, this is followed by adding a specific exemption label, such as pr-linter/exempt-readme; however, there is no specific exemption label for the exemption requested on this PR. As a result of this, I am dismissing the review to unblock the merge and release.

mergify bot commented Aug 5, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 26cb806 into v2-release Aug 5, 2025
91 checks passed
@mergify mergify bot deleted the bump/2.209.0 branch August 5, 2025 18:17
github-actions bot commented Aug 5, 2025

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 5, 2025