Ipv6 vpc endpoints

.gitattributes

@@ -17,3 +17,6 @@ packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.buck
 packages/@aws-cdk-testing/framework-integ/test/**/*.snapshot/**/asset*.zip filter=lfs diff=lfs merge=lfs -text
 packages/@aws-cdk/*-alpha/test/**/*.snapshot/**/asset*.zip filter=lfs diff=lfs merge=lfs -text
 packages/@aws-cdk/*-alpha/test/*.snapshot/asset.*/bootstrap filter=lfs diff=lfs merge=lfs -text
+packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-large-file/asset*/large*  filter=lfs diff=lfs merge=lfs -text
+packages/@aws-cdk/*-alpha/test/*.snapshot/asset*.zip filter=lfs diff=lfs merge=lfs -text
+packages/@aws-cdk-testing/framework-integ/test/**/*.snapshot/asset*.zip filter=lfs diff=lfs merge=lfs -text

.github/ISSUE_TEMPLATE/region.yml

@@ -83,4 +83,5 @@ body:
         * [ ] Add region and ARN in [ADOT_LAMBDA_LAYER_PYTHON_SDK_ARNS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L768) for most recent version in `x86_64` and `arm64`.
         * [ ] Add region and ARN in [ADOT_LAMBDA_LAYER_GENERIC_ARNS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L847) for most recent version in `x86_64` and `arm64`.
         * [ ] Add region in [AWS_REGIONS_AND_RULES](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/lib/aws-entities.ts).
+        * [ ] Add partition info if the region is also a new partition in [PARTITION_MAP](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts#L88)
         * [ ] Run integ tests and update snapshots

.github/workflows/README.md

@@ -128,3 +128,8 @@ Owner: CDK Support team
 
 [project-prioritization-needs-attention.yml](project-prioritization-needs-attention.yml): GitHub action that runs every day to update Needs Attention field in the prioritization project board.
 Owner: CDK Support team
+
+### PR Prioritization AddedOn update
+
+[project-prioritization-added-on.yml](project-prioritization-added-on.yml): GitHub action that runs every day to update AddedOn field in the prioritization project board.
+Owner: CDK Support team

.github/workflows/analytics-metadata-updater.yml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   update-analytics-metadata:
-    if: github.repository == 'aws/aws-cdk'
+    if: github.repository == 'aws/aws-cdk' && github.actor == 'aws-cdk-automation'
     runs-on: ubuntu-latest
     permissions:
       contents: write

.github/workflows/codecov.yml

@@ -13,6 +13,8 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       id-token: write
+      contents: read
+      pages: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4

.github/workflows/enum-auto-updater.yml

@@ -1,6 +1,8 @@
 name: CDK Enums Auto Updater
 on:
   workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 1'
 
 jobs:
   update-l2-enums:
@@ -21,7 +23,41 @@ jobs:
           NODE_OPTIONS: "--max-old-space-size=8196 --experimental-worker ${NODE_OPTIONS:-}"
 
       - name: Install dependencies
-        run: yarn install --frozen-lockfile && cd tools/@aws-cdk/enum-updater && yarn build
+        run: cd tools/@aws-cdk/enum-updater && yarn install --frozen-lockfile && yarn build
+
+      - name: Update enum static mapping
+        run: |
+          cd tools/@aws-cdk/enum-updater
+          ./bin/update-static-enum-mapping
+
+      - name: Check for changes
+        id: static-mapping-check
+        run: |
+          if [[ -n "$(git status --porcelain ./lib/static-enum-mapping.json)" ]]; then
+            echo "changes=true" >> $GITHUB_OUTPUT
+          else
+            echo "changes=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create PR for static mapping changes
+        if: steps.static-mapping-check.outputs.changes == 'true'
+        run: |
+          git config --global user.name 'aws-cdk-automation'
+          git config --global user.email '[email protected]'
+
+          # Create a new branch for the module
+          branchName="enum-update/static-mapping-update"
+          git checkout -b "$branchName"
+
+          git add .  # Add all files changed
+          git commit -m "chore: update enum static mapping"
+          git push origin "$branchName"
+
+          gh pr create --title "chore: update enum static mapping" \
+           --body "This PR updates the CDK enum mapping file." \
+           --base main \
+           --head "$branchName"
+           --label "contribution/core,pr-linter/exempt-integ-test,pr-linter/exempt-readme,pr-linter/exempt-test"
 
       - name: Identify Missing Values and Apply Code Changes
         run: |
@@ -40,12 +76,19 @@ jobs:
       - name: Commit & Push changes
         if: steps.git-check.outputs.changes == 'true'
         run: |
-          git config --global user.name 'aws-cdk-automation'
-          git config --global user.email '[email protected]'
-
           # Iterate through each module directory that has changes
           for module in $(git diff --name-only | grep -E '^packages/(@aws-cdk|aws-cdk-lib)/.*' | sed -E 's|^packages/(@aws-cdk\|aws-cdk-lib)/([^/]+).*|\2|' | sort -u); do
             moduleName=$(basename $module)
+
+            # Determine the correct path for the module
+            if [[ -d "packages/aws-cdk-lib/$module" ]]; then
+              modulePath="packages/aws-cdk-lib/$module"
+            elif [[ -d "packages/@aws-cdk/$module" ]]; then
+              modulePath="packages/@aws-cdk/$module"
+            else
+              echo "Cannot find module directory for $module"
+              continue
+            fi
 
             # Check for existing PR with the same name
             prExists=$(gh pr list --state open --search "feat(${moduleName#aws-}): add new enum values for ${moduleName#aws-}" --json number,title -q '.[].number')
@@ -61,7 +104,7 @@ jobs:
             git checkout -b "$branchName"
 
             # Stage, commit, and push changes for the module
-            git add "packages/$module"  # Add only changes for this module
+            git add "$modulePath"  # Using the correct path
             git commit -m "chore(${moduleName#aws-}): add new enum values for ${moduleName#aws-}"
             git push origin "$branchName"
 
@@ -70,9 +113,7 @@ jobs:
            --body "This PR updates the enum values for ${moduleName#aws-}." \
            --base main \
            --head "$branchName"
-           --label "contribution/core,pr-linter/exempt-integ-test,pr-linter/exempt-readme,pr-linter/exempt-test" \
-           --reviewer "aws-cdk-team" \
+           --label "contribution/core,pr-linter/exempt-integ-test,pr-linter/exempt-readme,pr-linter/exempt-test"
           done
-
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/lambda-runtime-tests.yml

@@ -6,7 +6,7 @@ on:
 
 jobs:
   update-lambda-tests:
-    if: github.repository == 'aws/aws-cdk'
+    if: github.repository == 'aws/aws-cdk' && github.actor == 'aws-cdk-automation'
     runs-on: ubuntu-latest
     permissions:
       contents: write

.github/workflows/project-prioritization-added-on.yml

@@ -0,0 +1,21 @@
+name: PR Prioritization AddedOn update
+
+on:
+  schedule:
+    - cron: '0 */6 * * 1-5'  # Runs every 6 hours during weekdays
+  workflow_dispatch:        # Manual trigger
+
+jobs:
+  update_added_on:
+    if: github.repository == 'aws/aws-cdk'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name:  Update AddedOn field
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
+          script: |
+            const script = require('./scripts/prioritization/update-added-on.js')
+            await script({github})

.github/workflows/security-guardian.yml

@@ -0,0 +1,67 @@
+name: Security Guardian
+on:
+  pull_request: {}
+
+jobs:
+  run-security-guardian:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Fetches full history
+
+      - name: Get list of changed .template.json files
+        id: filter_files
+        run: |
+          echo "Getting changed CloudFormation templates..."
+          mkdir -p changed_templates
+
+          git fetch origin main --depth=1
+
+          base_sha="${{ github.event.pull_request.base.sha }}"
+          head_sha="${{ github.event.pull_request.head.sha }}"
+          if [[ -z "$base_sha" ]]; then base_sha=$(git merge-base origin/main HEAD); fi
+          if [[ -z "$head_sha" ]]; then head_sha=HEAD; fi
+
+          git diff --name-status "$base_sha" "$head_sha" \
+            | grep -E '^(A|M)\s+.*\.template\.json$' \
+            | awk '{print $2}' > changed_files.txt || true
+
+          while IFS= read -r file; do
+            if [ -f "$file" ]; then
+              safe_name=$(echo "$file" | sed 's|/|_|g')
+              cp "$file" "changed_templates/$safe_name"
+            else
+              echo "::warning::Changed file not found in workspace: $file"
+            fi
+          done < changed_files.txt
+
+          if [ -s changed_files.txt ]; then
+            echo "files_changed=true" >> $GITHUB_OUTPUT
+          else
+            echo "files_changed=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Install cfn-guard
+        if: steps.filter_files.outputs.files_changed == 'true'
+        run: |
+          mkdir -p $HOME/.local/bin
+          curl -L -o cfn-guard.tar.gz https://github.com/aws-cloudformation/cloudformation-guard/releases/latest/download/cfn-guard-v3-x86_64-ubuntu-latest.tar.gz
+          tar -xzf cfn-guard.tar.gz
+          mv cfn-guard-v3-*/cfn-guard $HOME/.local/bin/cfn-guard
+          chmod +x $HOME/.local/bin/cfn-guard
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      - name: Install & Build security-guardian
+        if: steps.filter_files.outputs.files_changed == 'true'
+        run: yarn install --frozen-lockfile && cd tools/@aws-cdk/security-guardian && yarn build
+
+      - name: Run cfn-guard if templates changed
+        if: steps.filter_files.outputs.files_changed == 'true'
+        uses: ./tools/@aws-cdk/security-guardian
+        with:
+          data_directory: './changed_templates'
+          rule_set_path: './tools/@aws-cdk/security-guardian/rules/trust_scope_rules.guard'
+          show_summary: 'fail'
+          output_format: 'single-line-summary'

.github/workflows/yarn-upgrade.yml

@@ -39,10 +39,6 @@ jobs:
       - name: Install Tools
         run: |-
           npm -g install lerna npm-check-updates
-      - name: Build Integ Runner
-        run: |
-          export NODE_OPTIONS="--max-old-space-size=8196 --experimental-worker ${NODE_OPTIONS:-}"
-          npx lerna run build --scope @aws-cdk/integ-runner
       - name: List Mono-Repo Packages
         id: list-packages
         # These need to be ignored from the `ncu` runs!
@@ -77,9 +73,6 @@ jobs:
       - name: Run "yarn upgrade"
         run: yarn upgrade
 
-      - name: Regenerate Integ Runner attributions
-        run: cd packages/@aws-cdk/integ-runner && yarn pkglint
-
       # Next, create and upload the changes as a patch file. This will later be downloaded to create a pull request
       # Creating a pull request requires write permissions and it's best to keep write privileges isolated.
       - name: Create Patch

CHANGELOG.v2.alpha.md

@@ -2,6 +2,57 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.189.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.189.0-alpha.0...v2.189.1-alpha.0) (2025-04-14)
+
+## [2.189.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.188.0-alpha.0...v2.189.0-alpha.0) (2025-04-09)
+
+
+### Features
+
+* **ec2-alpha:** implement mapPublicIpOnLaunch prop in SubnetV2 ([#34057](https://github.com/aws/aws-cdk/issues/34057)) ([836c5cf](https://github.com/aws/aws-cdk/commit/836c5cf3e4c627f817e4dc8ed2af28a5bba54792)), closes [#32159](https://github.com/aws/aws-cdk/issues/32159)
+
+
+### Bug Fixes
+
+* **amplify:** unable to re-run integ test due to missing `status` field in `customRule` ([#33973](https://github.com/aws/aws-cdk/issues/33973)) ([6638c08](https://github.com/aws/aws-cdk/commit/6638c08d56afe7ecc4f23cff4cf334b887001e5e)), closes [#33962](https://github.com/aws/aws-cdk/issues/33962)
+
+## [2.188.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.187.0-alpha.0...v2.188.0-alpha.0) (2025-04-03)
+
+
+### Features
+
+* **ec2:** add mailmanager vpc endpoints ([#33996](https://github.com/aws/aws-cdk/issues/33996)) ([7ee77d7](https://github.com/aws/aws-cdk/commit/7ee77d71df569d21c280866976109333e3266132))
+* **eks-v2-alpha:** add new nodegroup ami type ([#34025](https://github.com/aws/aws-cdk/issues/34025)) ([864a7c6](https://github.com/aws/aws-cdk/commit/864a7c6f6811777971d1349e7552567604167f02))
+
+
+### Bug Fixes
+
+* **ec2-alpha:** addInternetGW handles shared route table for subnets ([#33824](https://github.com/aws/aws-cdk/issues/33824)) ([3154d01](https://github.com/aws/aws-cdk/commit/3154d016ba31455f2d57ff5d90ee7b394c25e88f)), closes [#33672](https://github.com/aws/aws-cdk/issues/33672)
+
+## [2.187.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.186.0-alpha.0...v2.187.0-alpha.0) (2025-03-31)
+
+
+### Features
+
+* **apprunner:** throw ValidationError instead of untyped errors ([#33914](https://github.com/aws/aws-cdk/issues/33914)) ([38f89af](https://github.com/aws/aws-cdk/commit/38f89afe2ffdf67b0918e38f861166bdb0f8738f))
+* **ec2:** adding `placementGroup` to `LaunchTemplateProps` and `LaunchTemplate` ([#33726](https://github.com/aws/aws-cdk/issues/33726)) ([e5f71db](https://github.com/aws/aws-cdk/commit/e5f71db53ce985172e565eb9da5692d77ab7b268)), closes [#33721](https://github.com/aws/aws-cdk/issues/33721)
+* **ec2:** support the new `SupportedRegions` property for `AWS::EC2::VPCEndpointService` ([#33959](https://github.com/aws/aws-cdk/issues/33959)) ([0c77cb6](https://github.com/aws/aws-cdk/commit/0c77cb627e1e7e729205624a9603331f5442af8e))
+* **iot:** backfill enum values in iot module ([#33969](https://github.com/aws/aws-cdk/issues/33969)) ([2a8a8a3](https://github.com/aws/aws-cdk/commit/2a8a8a36ed872f7f3de4b24fd7d9c874a3da9dbf))
+
+## [2.186.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.185.0-alpha.0...v2.186.0-alpha.0) (2025-03-26)
+
+
+### Features
+
+* **ec2:** backfill missing enums for ec2 ([#33821](https://github.com/aws/aws-cdk/issues/33821)) ([ae3fd67](https://github.com/aws/aws-cdk/commit/ae3fd67d3e153187d2e6fa53df9ec78080fe71d0)), closes [/docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc.html#cfn-ec2](https://github.com/aws//docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc.html/issues/cfn-ec2) [/docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html#cfn-ec2](https://github.com/aws//docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html/issues/cfn-ec2)
+* **ec2:** support `PrefixList.fromLookup()` ([#33619](https://github.com/aws/aws-cdk/issues/33619)) ([b6a15f3](https://github.com/aws/aws-cdk/commit/b6a15f384e79eb0020f46ffeea20507f07380a97)), closes [aws/aws-cdk#33606](https://github.com/aws/aws-cdk/issues/33606) [aws/aws-cdk#15115](https://github.com/aws/aws-cdk/issues/15115)
+* **ec2:** support AWS::EC2::VPCEndpointService SupportedIpAddressTypes property ([#33877](https://github.com/aws/aws-cdk/issues/33877)) ([ed5df9c](https://github.com/aws/aws-cdk/commit/ed5df9cac46dd862ec67751f5d0e6a53f81e8d0a))
+
+
+### Bug Fixes
+
+* **eks-v2-alpha:** prevent IAM role creation when node pools are empty ([#33894](https://github.com/aws/aws-cdk/issues/33894)) ([55bf451](https://github.com/aws/aws-cdk/commit/55bf451c48da33ce2ecda1c17cccdedea4e3527f)), closes [#33771](https://github.com/aws/aws-cdk/issues/33771)
+
 ## [2.185.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.184.1-alpha.0...v2.185.0-alpha.0) (2025-03-19)