chore(release): 2.109.0 #28016

aws-cdk-automation · 2023-11-15T21:04:58Z

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.106.0/CHANGELOG.md)

The previously printed command doesn't actual work. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ets (#27931) It seems that the description for vpcSubnets in EKS Cluster class includes incorrect requirement. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_eks.Cluster.html#vpcsubnets > If you want to create public load balancers, this must include public subnets. The requirements for subnets where control plane ENIs are placed are described in the following document. https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html#network-requirements-subnets > The subnets that you specify when you create or update a cluster must meet the following requirements: > > The subnets must each have at least six IP addresses for use by Amazon EKS. However, we recommend at least 16 IP addresses. > The subnets can't reside in AWS Outposts, AWS Wavelength, or an AWS Local Zone. However, if you have them in your VPC, you can deploy self-managed nodes and Kubernetes resources to these types of subnets. > The subnets can be a public or private. However, we recommend that you specify private subnets, if possible. A public subnet is a subnet with a route table that includes a route to an internet gateway, whereas a private subnet is a subnet with a route table that doesn't include a route to an internet gateway. Other components such as nodes, Kubernetes resources or ELB can be located in different subnets from the above subnets. This is also described in the above document as below. > You can deploy nodes and Kubernetes resources to the same subnets that you specify when you create your cluster. However, this isn't necessary. This is because you can also deploy nodes and Kubernetes resources to subnets that you didn't specify when you created the cluster. So, this PR simply removes the incorrect sentence from CDK doc. Closes #27923 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ter name for AL2023 images (#27698) AmazonLinuxImage construct generates SSM parameter name for Amazon Linux images. The naming convention for Amazon Linux 2023 images is a bit different from Amazon Linux 2. For example, virtualization type (e.g. HVM) or backend storage type (e.g. GP2) are not included in parameter's name for AL2023. AL2: https://github.com/aws/aws-cdk/blob/d0d75478e1cf3bb9a06f33642b9a06fc68d0c99d/packages/aws-cdk-lib/aws-ec2/lib/machine-image/amazon-linux2.ts#L77-L84 AL2023: https://github.com/aws/aws-cdk/blob/d0d75478e1cf3bb9a06f33642b9a06fc68d0c99d/packages/aws-cdk-lib/aws-ec2/lib/machine-image/amazon-linux-2023.ts#L59-L66 Currently, AmazonLinuxImage construct generates incorrect SSM parameter name for AL2023 images, which includes virtualization and storage type in the name. This causes validation error against non-existing parameter name. This PR solves the issue by avoiding to include virtualization and storage in parameter's name when AMAZON_LINUX_2023 is specified as generation. Closes #27638 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Similar to #25897, this PR adds eks with k8s 1.28 support. Closes #27500 <img width="792" alt="image" src="https://github.com/aws/aws-cdk/assets/278432/9cfec3f1-360d-4e7c-95fe-9a5177847f1d"> ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR moves the triggers handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR moves the bucket deployment handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR moves the cross region ssm reader handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR moves the notifications resource handler from aws-cdk-lib to our new centralized location for custom resource handlers in the https://github.com/aws-cdk package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR moves the cfn-utils handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR moves the drop spam handler from aws-cdk-lib to our new centralized location for custom resource handlers in the https://github.com/aws-cdk package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR fixes the bug that `fromEventRuleArn` does not extract region and account from the arn. - Behavior until now ```ts const stack = new Stack(); // <- region: us-east-1, account: 123456789012 const imported = Rule.fromEventRuleArn(stack, 'Imported', 'arn:aws:events:us-west-2:999999999999:rule/example'); // imported.env.region : us-east-1("Ref": "AWS::Region"). But it should be us-west-2. // imported.env.account : 123456789012("Ref": "AWS::AccountId"). But it should be 999999999999. ``` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR fixes the bug that `fromQueueArn` does not extract region and account from the arn. - Behavior until now ```ts const stack = new Stack(); // <- region: us-east-1, account: 123456789012 const imported = sqs.Queue.fromQueueArn(stack, 'Imported', 'arn:aws:sns:us-west-2:999999999999:queue'); // imported.env.region : us-east-1("Ref": "AWS::Region"). But it should be us-west-2. // imported.env.account : 123456789012("Ref": "AWS::AccountId"). But it should be 999999999999. ``` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR moves the approve lambda handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Bumps [axios](https://github.com/axios/axios) from 0.27.2 to 1.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>Release v1.6.0</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li><strong>CSRF:</strong> fixed CSRF vulnerability CVE-2023-45857 (<a href="https://redirect.github.com/axios/axios/issues/6028">#6028</a>) (<a href="https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0">96ee232</a>)</li> <li><strong>dns:</strong> fixed lookup function decorator to work properly in node v20; (<a href="https://redirect.github.com/axios/axios/issues/6011">#6011</a>) (<a href="https://github.com/axios/axios/commit/5aaff532a6b820bb9ab6a8cd0f77131b47e2adb8">5aaff53</a>)</li> <li><strong>types:</strong> fix AxiosHeaders types; (<a href="https://redirect.github.com/axios/axios/issues/5931">#5931</a>) (<a href="https://github.com/axios/axios/commit/a1c8ad008b3c13d53e135bbd0862587fb9d3fc09">a1c8ad0</a>)</li> </ul> <h3>PRs</h3> <ul> <li>CVE 2023 45857 ( <a href="https://api.github.com/repos/axios/axios/pulls/6028">#6028</a> )</li> </ul> <pre><code> ⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459 </code></pre> <h3>Contributors to this release</h3> <ul> <li> <a href="https://github.com/DigitalBrainJS" title="+449/-114 ([#6032](axios/axios#6032) [#6021](axios/axios#6021) [#6011](axios/axios#6011) [#5932](axios/axios#5932) [#5931](axios/axios#5931) )">Dmitriy Mozgovoy</a></li> <li> <a href="https://github.com/valentin-panov" title="+4/-4 ([#6028](axios/axios#6028) )">Valentin Panov</a></li> <li> <a href="https://github.com/therealrinku" title="+1/-1 ([#5889](axios/axios#5889) )">Rinku Chaudhari</a></li> </ul> <h2>Release v1.5.1</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li><strong>adapters:</strong> improved adapters loading logic to have clear error messages; (<a href="https://redirect.github.com/axios/axios/issues/5919">#5919</a>) (<a href="https://github.com/axios/axios/commit/e4107797a7a1376f6209fbecfbbce73d3faa7859">e410779</a>)</li> <li><strong>formdata:</strong> fixed automatic addition of the <code>Content-Type</code> header for FormData in non-browser environments; (<a href="https://redirect.github.com/axios/axios/issues/5917">#5917</a>) (<a href="https://github.com/axios/axios/commit/bc9af51b1886d1b3529617702f2a21a6c0ed5d92">bc9af51</a>)</li> <li><strong>headers:</strong> allow <code>content-encoding</code> header to handle case-insensitive values (<a href="https://redirect.github.com/axios/axios/issues/5890">#5890</a>) (<a href="https://redirect.github.com/axios/axios/issues/5892">#5892</a>) (<a href="https://github.com/axios/axios/commit/4c89f25196525e90a6e75eda9cb31ae0a2e18acd">4c89f25</a>)</li> <li><strong>types:</strong> removed duplicated code (<a href="https://github.com/axios/axios/commit/9e6205630e1c9cf863adf141c0edb9e6d8d4b149">9e62056</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li> <a href="https://github.com/DigitalBrainJS" title="+89/-18 ([#5919](axios/axios#5919) [#5917](axios/axios#5917) )">Dmitriy Mozgovoy</a></li> <li> <a href="https://github.com/DavidJDallas" title="+11/-5 ()">David Dallas</a></li> <li> <a href="https://github.com/fb-sean" title="+2/-8 ()">Sean Sattler</a></li> <li> <a href="https://github.com/0o001" title="+4/-4 ()">Mustafa Ateş Uzun</a></li> <li> <a href="https://github.com/sfc-gh-pmotacki" title="+2/-1 ([#5892](axios/axios#5892) )">Przemyslaw Motacki</a></li> <li> <a href="https://github.com/Cadienvan" title="+1/-1 ()">Michael Di Prisco</a></li> </ul> <h2>Release v1.5.0</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li><strong>adapter:</strong> make adapter loading error more clear by using platform-specific adapters explicitly (<a href="https://redirect.github.com/axios/axios/issues/5837">#5837</a>) (<a href="https://github.com/axios/axios/commit/9a414bb6c81796a95c6c7fe668637825458e8b6d">9a414bb</a>)</li> <li><strong>dns:</strong> fixed <code>cacheable-lookup</code> integration; (<a href="https://redirect.github.com/axios/axios/issues/5836">#5836</a>) (<a href="https://github.com/axios/axios/commit/b3e327dcc9277bdce34c7ef57beedf644b00d628">b3e327d</a>)</li> <li><strong>headers:</strong> added support for setting header names that overlap with class methods; (<a href="https://redirect.github.com/axios/axios/issues/5831">#5831</a>) (<a href="https://github.com/axios/axios/commit/d8b4ca0ea5f2f05efa4edfe1e7684593f9f68273">d8b4ca0</a>)</li> <li><strong>headers:</strong> fixed common Content-Type header merging; (<a href="https://redirect.github.com/axios/axios/issues/5832">#5832</a>) (<a href="https://github.com/axios/axios/commit/8fda2766b1e6bcb72c3fabc146223083ef13ce17">8fda276</a>)</li> </ul> <h3>Features</h3> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h1><a href="https://github.com/axios/axios/compare/v1.5.1...v1.6.0">1.6.0</a> (2023-10-26)</h1> <h3>Bug Fixes</h3> <ul> <li><strong>CSRF:</strong> fixed CSRF vulnerability CVE-2023-45857 (<a href="https://redirect.github.com/axios/axios/issues/6028">#6028</a>) (<a href="https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0">96ee232</a>)</li> <li><strong>dns:</strong> fixed lookup function decorator to work properly in node v20; (<a href="https://redirect.github.com/axios/axios/issues/6011">#6011</a>) (<a href="https://github.com/axios/axios/commit/5aaff532a6b820bb9ab6a8cd0f77131b47e2adb8">5aaff53</a>)</li> <li><strong>types:</strong> fix AxiosHeaders types; (<a href="https://redirect.github.com/axios/axios/issues/5931">#5931</a>) (<a href="https://github.com/axios/axios/commit/a1c8ad008b3c13d53e135bbd0862587fb9d3fc09">a1c8ad0</a>)</li> </ul> <h3>PRs</h3> <ul> <li>CVE 2023 45857 ( <a href="https://api.github.com/repos/axios/axios/pulls/6028">#6028</a> )</li> </ul> <pre><code> ⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459 </code></pre> <h3>Contributors to this release</h3> <ul> <li> <a href="https://github.com/DigitalBrainJS" title="+449/-114 ([#6032](axios/axios#6032) [#6021](axios/axios#6021) [#6011](axios/axios#6011) [#5932](axios/axios#5932) [#5931](axios/axios#5931) )">Dmitriy Mozgovoy</a></li> <li> <a href="https://github.com/valentin-panov" title="+4/-4 ([#6028](axios/axios#6028) )">Valentin Panov</a></li> <li> <a href="https://github.com/therealrinku" title="+1/-1 ([#5889](axios/axios#5889) )">Rinku Chaudhari</a></li> </ul> <h2><a href="https://github.com/axios/axios/compare/v1.5.0...v1.5.1">1.5.1</a> (2023-09-26)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>adapters:</strong> improved adapters loading logic to have clear error messages; (<a href="https://redirect.github.com/axios/axios/issues/5919">#5919</a>) (<a href="https://github.com/axios/axios/commit/e4107797a7a1376f6209fbecfbbce73d3faa7859">e410779</a>)</li> <li><strong>formdata:</strong> fixed automatic addition of the <code>Content-Type</code> header for FormData in non-browser environments; (<a href="https://redirect.github.com/axios/axios/issues/5917">#5917</a>) (<a href="https://github.com/axios/axios/commit/bc9af51b1886d1b3529617702f2a21a6c0ed5d92">bc9af51</a>)</li> <li><strong>headers:</strong> allow <code>content-encoding</code> header to handle case-insensitive values (<a href="https://redirect.github.com/axios/axios/issues/5890">#5890</a>) (<a href="https://redirect.github.com/axios/axios/issues/5892">#5892</a>) (<a href="https://github.com/axios/axios/commit/4c89f25196525e90a6e75eda9cb31ae0a2e18acd">4c89f25</a>)</li> <li><strong>types:</strong> removed duplicated code (<a href="https://github.com/axios/axios/commit/9e6205630e1c9cf863adf141c0edb9e6d8d4b149">9e62056</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li> <a href="https://github.com/DigitalBrainJS" title="+89/-18 ([#5919](axios/axios#5919) [#5917](axios/axios#5917) )">Dmitriy Mozgovoy</a></li> <li> <a href="https://github.com/DavidJDallas" title="+11/-5 ()">David Dallas</a></li> <li> <a href="https://github.com/fb-sean" title="+2/-8 ()">Sean Sattler</a></li> <li> <a href="https://github.com/0o001" title="+4/-4 ()">Mustafa Ateş Uzun</a></li> <li> <a href="https://github.com/sfc-gh-pmotacki" title="+2/-1 ([#5892](axios/axios#5892) )">Przemyslaw Motacki</a></li> <li> <a href="https://github.com/Cadienvan" title="+1/-1 ()">Michael Di Prisco</a></li> </ul> <h3>PRs</h3> <ul> <li>CVE 2023 45857 ( <a href="https://api.github.com/repos/axios/axios/pulls/6028">#6028</a> )</li> </ul> <pre><code> ⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459 </code></pre> <h1><a href="https://github.com/axios/axios/compare/v1.4.0...v1.5.0">1.5.0</a> (2023-08-26)</h1> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/f7adacdbaa569281253c8cfc623ad3f4dc909c60"><code>f7adacd</code></a> chore(release): v1.6.0 (<a href="https://redirect.github.com/axios/axios/issues/6031">#6031</a>)</li> <li><a href="https://github.com/axios/axios/commit/9917e67cbb6c157382863bad8c741de58e3f3c2b"><code>9917e67</code></a> chore(ci): fix release-it arg; (<a href="https://redirect.github.com/axios/axios/issues/6032">#6032</a>)</li> <li><a href="https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0"><code>96ee232</code></a> fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (<a href="https://redirect.github.com/axios/axios/issues/6028">#6028</a>)</li> <li><a href="https://github.com/axios/axios/commit/7d45ab2e2ad6e59f5475e39afd4b286b1f393fc0"><code>7d45ab2</code></a> chore(tests): fixed tests to pass in node v19 and v20 with <code>keep-alive</code> enabl...</li> <li><a href="https://github.com/axios/axios/commit/5aaff532a6b820bb9ab6a8cd0f77131b47e2adb8"><code>5aaff53</code></a> fix(dns): fixed lookup function decorator to work properly in node v20; (<a href="https://redirect.github.com/axios/axios/issues/6011">#6011</a>)</li> <li><a href="https://github.com/axios/axios/commit/a48a63ad823fc20e5a6a705f05f09842ca49f48c"><code>a48a63a</code></a> chore(docs): added AxiosHeaders docs; (<a href="https://redirect.github.com/axios/axios/issues/5932">#5932</a>)</li> <li><a href="https://github.com/axios/axios/commit/a1c8ad008b3c13d53e135bbd0862587fb9d3fc09"><code>a1c8ad0</code></a> fix(types): fix AxiosHeaders types; (<a href="https://redirect.github.com/axios/axios/issues/5931">#5931</a>)</li> <li><a href="https://github.com/axios/axios/commit/2ac731d60545ba5c4202c25fd2e732ddd8297d82"><code>2ac731d</code></a> chore(docs): update readme.md (<a href="https://redirect.github.com/axios/axios/issues/5889">#5889</a>)</li> <li><a href="https://github.com/axios/axios/commit/88fb52b5fad7aabab0532e7ad086c5f1b0178905"><code>88fb52b</code></a> chore(release): v1.5.1 (<a href="https://redirect.github.com/axios/axios/issues/5920">#5920</a>)</li> <li><a href="https://github.com/axios/axios/commit/e4107797a7a1376f6209fbecfbbce73d3faa7859"><code>e410779</code></a> fix(adapters): improved adapters loading logic to have clear error messages; ...</li> <li>Additional commits viewable in <a href="https://github.com/axios/axios/compare/v0.27.2...v1.6.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=0.27.2&new-version=1.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

This PR moves the kubectl handlers from aws-cdk-lib to our new centralized location for custom resource handlers in the https://github.com/aws-cdk package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…property" (#27939) Reverts #27764

Bumped the bootstrap template version to 19. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.106.1/CHANGELOG.md)

This PR moves the cloudfront edge function handler from aws-cdk-lib to our new centralized location for custom resource handlers in the @aws-cdk package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

AWS Service Spec packages to latest versions.

Preparing for node20 launch ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Adds a Python 3.12 runtime to Lambda. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR moves the ssm writer handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR moves the role policy handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR moves the migrate asset deployment handler to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.108.0/CHANGELOG.md)

… to true (#27977) Currently, the default value for deleteAutomatedBackups prop is described as `false` in CDK document. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_rds.DatabaseInstance.html#deleteautomatedbackups However, from underlying CloudFormation resource and RDS API perspective, `true` is correct default value. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-deleteautomatedbackups > A value that indicates whether to remove automated backups immediately after the DB instance is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB instance is deleted. https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBInstance.html > Specifies whether to remove automated backups immediately after the DB instance is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB instance is deleted. Also, From CDK implementation perspective, deleteAutomatedBackups prop is simply passed to deleteAutomatedBackups parameter for CfnDBInstance (AWS::RDS::DBInstance). https://github.com/aws/aws-cdk/blob/5665a959c6628e8786a14863f8d3177b4a1d9f7a/packages/aws-cdk-lib/aws-rds/lib/instance.ts#L856 This PR solves this discrepancy between the documentation for RDS DB Instances in CDK and CFn. Closes #27973 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…modules/@aws-cdk/integ-runner/lib/workers/db.json.gz'" (#27983) Mark the `@aws-cdk/aws-service-spec` as external, because it cannot be bundled. Changes an import from `cdk-assets` to be more specific, so we don't bundle the whole of `aws-sdk` anymore. This reduced the worker entrypoint size from 70MB -> 1.5MB ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Update the CHANGELOG to add when support for the Python 3.11 lambda runtime was added since it was missing. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…27948) #27558 fixed a circular dependency issue between the bucket and the ELB when using `logAccessLogs` by adding the dependency at the L1 level. The dependency was added on both the bucket and the bucket policy (which already refers to the bucket). This introduced a new bug when adding a dependency for imported buckets (as `bucket.node.defaultChild` is `undefined`). This PR fixes the issue by adding the dependency at the L1 level on the bucket policy directly. Closes #27928. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…#27990) Docs: [cloudformation s3 bucket rule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html). Closes #27969. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Adds support for Firehose delivery stream as access log destination of API gateway. Closes #27954. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.108.1/CHANGELOG.md)

#27981) Steps: 1. Get the list of regions from our single source of truth. 2. Convert that list into the TypeScript code that should be the content of `packages/aws-cdk-lib/region-info/build-tools/metadata.ts`. 3. Create a PR if there were any changes. The workflow is triggered every day at 00:00. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

With #26763 the default runtime was reverted from NODEJS_18_X to NODEJS_16_X This PR reflects this in the docs of the NodejsFunctionProps ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

… changes (#28007) Only automated changes to the `packages/aws-cdk-lib/region-info/build-tools/metadata.ts` file are allowed. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Adds a Java 21 runtime to Lambda. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…agedKafka events (#28010) ## Summary This PR will include following features - add destination(currently sns/sqs) for Kafka event sources (SelfManagedKafkaEventSource andManagedKafkaEventSource) - add a dedicated S3 destination to the kafka event sources (non-kafka event source doesn't support S3 as destination) ## Backgrounds Lambda Event Source Mapping (ESM) processes events from event sources in a sequence manner. However, a potential issue with this approach is that if a record is deemed a “poison pill”, it will be retried indefinitely until it is processed successfully or until the record expires. This can cause delays in processing others records in the queue. Additionally, for events that exceed the Lambda payload limit of 6 MB, they might be dropped as they cannot be processed. Today, Lambda supports configuring an OnSuccess destination and OnFailure destination for asynchronous invocations. For stream-based event sources, such as Kinesis, and DynamoDB streams, Lambda supports configuring an OnFailure destination. Regarding SQS, SQS poller doesn’t support OnFailure destination, but SQS support Dead Letter Queue (DLQ) natively. For CDK, Some event source mappings (events) can have onFailure destination through a DestinationConfig. Right now that supports only DynamoDB and Kinesis event sources and only SQS and SNS destinations. ## Solution - Add a new `s3onFailureDestination` destination in `s3-ofd.ts` file - Add a new field `onFailure` to `KafkaEventSourceProps` that customer can use `s3onFailureDestination` to pass in. - Add a check in `enrichMappingOptions` for every event type against `EventSourceMappingOptions.supportS3OFD` to check if they support S3 as onFailure. ## User Experience ```diff import { Secret } from 'aws-cdk-lib/aws-secretsmanager'; + import { ManagedKafkaEventSource, S3OnFailureDestination } from 'aws-cdk-lib/aws-lambda-event-sources'; import * as lambda from 'aws-cdk-lib/aws-lambda' import { App, StackProps, Stack } from 'aws-cdk-lib'; + import { Bucket } from 'aws-cdk-lib/aws-s3'; export class CdkTestStack extends Stack { constructor(scope: App, id: string, props?: StackProps) { super(scope, id, props); const myFunction = new lambda.Function(this, 'myFunction', { runtime: lambda.Runtime.NODEJS_16_X, handler: 'index.handler', code: lambda.Code.fromInline('//handler_code_here'), }); // Your MSK cluster arn const clusterArn = 'arn:aws:kafka:us-east-1:0123456789019:cluster/SalesCluster/abcd1234-abcd-cafe-abab-9876543210ab-4'; // The Kafka topic you want to subscribe to const topic = 'some-cool-topic'; // The secret that allows access to your MSK cluster // You still have to make sure that it is associated with your cluster as described in the documentation const secret = new Secret(this, 'Secret', { secretName: 'AmazonMSK_KafkaSecret' }); // Your bucket for Kafka's onFailure Destination + const bucket = Bucket.fromBucketName(this, 'BucketByName', 'my-bucket'); + const s3ofd = new S3OnFailureDestination(bucket); myFunction.addEventSource(new ManagedKafkaEventSource({ clusterArn, topic: topic, secret: secret, batchSize: 100, // default startingPosition: lambda.StartingPosition.TRIM_HORIZON, + onFailure: s3ofd, })); } } ``` ## sample synth output ``` myFunctionServiceRoleDefaultPolicyECBA61F7: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: - s3:Abort* - s3:DeleteObject* - s3:GetBucket* - s3:GetObject* - s3:List* - s3:PutObject - s3:PutObjectLegalHold - s3:PutObjectRetention - s3:PutObjectTagging - s3:PutObjectVersionTagging Effect: Allow Resource: - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :s3:::my-bucket - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :s3:::my-bucket/* myFunctionKafkaEventSourceCdkTestStackmyFunction09D44E80somecooltopic1B4580FF: Type: AWS::Lambda::EventSourceMapping Properties: BatchSize: 100 DestinationConfig: OnFailure: Destination: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :s3:::my-bucket ``` ## To discuss ### Change parent class name The parent class of `s3ofd` is called `IEventSourceDlq`. `DLQ` stands for Dead Letter Queue, Which is very specific for SQS, we might want to work out a new naming for S3 - Option 1: Rename the `IEventSourceDlq` to `IEventSourceOfd` (Ofd: OnFailureDestinaion)And create `IEventSourceDlq` again to extends from it for keeping backwards compatibility. For S3, Create a new class `IEventSourceS3ofd`. also extend from the parent class and will be implemented by our new S3 Destination class. - Option 2: Don’t create new parent classes, the new S3 Destination class just extend the original `IEventSourceDlq` Class. Like what is shown in the current code. ### Where to add checking for s3 on failure desintation support Currently in the commit, I was checking for s3ofd support in `enrichMappingOptions` Which will be called by all event source classes. Does this design make sense, or should we create a new dedicated function for chcecking? ## Questions: - Check out the current UX Closes #<issue number here>. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR adds new versions for Aurora MySQL. - 3.04.1 - https://docs.aws.amazon.com/AmazonRDS/latest/AuroraMySQLReleaseNotes/AuroraMySQL.Updates.3041.html ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

AWS Service Spec packages to latest versions.

aws-cdk-automation · 2023-11-15T21:40:52Z

AWS CodeBuild CI Report

CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
Commit ID: a652d26
Result: SUCCEEDED
Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

mergify · 2023-11-15T21:41:07Z

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

mergify bot and others added 30 commits November 10, 2023 07:00

chore(merge-back): 2.106.0 (#27922)

8100e34

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.106.0/CHANGELOG.md)

fix(integ-runner): update workflow error message is inaccurate (#27924)

844cd6f

The previously printed command doesn't actual work. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

chore: add L1 example to lakeformation readme (#27917)

66054ab

---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

revert: "chore(cdk): boostrap template uses deprecated AccessControl …

093c4ed

…property" (#27939) Reverts #27764

chore: bump bootstrap template to version 19 (#27941)

94ccec6

Bumped the bootstrap template version to 19. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Merge branch 'main' into merge-back/2.106.1

454f47d

chore(merge-back): 2.106.1 (#27945)

e5959a0

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.106.1/CHANGELOG.md)

feat: update AWS Service Spec (#27958)

1466207

AWS Service Spec packages to latest versions.

feat(lambda): node20 runtime (#27897)

2e3cdd9

Preparing for node20 launch ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

feat(lambda): add python 3.12 runtime (#27967)

9d17fe2

Adds a Python 3.12 runtime to Lambda. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Merge branch 'main' into merge-back/2.108.0

5afe7ce

mergify bot and others added 17 commits November 14, 2023 01:51

chore(merge-back): 2.108.0 (#27975)

2dc31e9

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.108.0/CHANGELOG.md)

feat(apigateway): support firehose access log destination (#27959)

33357aa

Adds support for Firehose delivery stream as access log destination of API gateway. Closes #27954. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Merge branch 'main' into merge-back/2.108.1

092f707

chore(merge-back): 2.108.1 (#27995)

b21ee35

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.108.1/CHANGELOG.md)

feat(lambda): add java 21 lambda runtime (#27822)

ef4dee6

Adds a Java 21 runtime to Lambda. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

feat: update AWS Service Spec (#28011)

f0939f2

AWS Service Spec packages to latest versions.

chore(release): 2.109.0

ee1935f

aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels Nov 15, 2023

github-actions bot added the p2 label Nov 15, 2023

aws-cdk-automation requested a review from a team November 15, 2023 21:05

github-actions bot approved these changes Nov 15, 2023

View reviewed changes

changelog

a652d26

mergify bot merged commit 941dc16 into v2-release Nov 15, 2023
12 checks passed

mergify bot deleted the bump/2.109.0 branch November 15, 2023 21:41

github-actions bot mentioned this pull request Dec 1, 2023

Monthly PR metrics report - November 2023 #28212

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(release): 2.109.0 #28016

chore(release): 2.109.0 #28016

aws-cdk-automation commented Nov 15, 2023 •

edited

Loading

aws-cdk-automation commented Nov 15, 2023

mergify bot commented Nov 15, 2023

chore(release): 2.109.0 #28016

chore(release): 2.109.0 #28016

Conversation

aws-cdk-automation commented Nov 15, 2023 • edited Loading

aws-cdk-automation commented Nov 15, 2023

AWS CodeBuild CI Report

mergify bot commented Nov 15, 2023

aws-cdk-automation commented Nov 15, 2023 •

edited

Loading