Merge branch 'main' into shikagg/vpcv2_graduation

CHANGELOG.v2.alpha.md

@@ -2,6 +2,36 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+
+## [2.177.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.176.0-alpha.0...v2.177.0-alpha.0) (2025-01-24)
+
+
+### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
+
+* **glue-alpha:** Developers must refactor their existing Job
+instantiation method calls to choose the right job type and language,
+and use the new constants static values to define the associated Job
+configuration settings. See the RFC and/or new README for examples.
+
+### Description of how you validated changes
+
+Increased unit test coverage to > 90%, consulted with Glue service team
+on best practices and sane defaults, updated integration tests.
+
+### Features
+
+* **amplify-alpha:** throw `ValidationError` instead of untyped errors ([#33141](https://github.com/aws/aws-cdk/issues/33141)) ([a7cd9eb](https://github.com/aws/aws-cdk/commit/a7cd9ebc55f8fd70a469aea7dcf1c16919475982)), closes [#32569](https://github.com/aws/aws-cdk/issues/32569)
+
+
+### Bug Fixes
+
+* **custom-resource-handlers:** do not allow unauthorized connection for iam OIDC connection (under feature flag) ([#32921](https://github.com/aws/aws-cdk/issues/32921)) ([3e4f377](https://github.com/aws/aws-cdk/commit/3e4f3773bfa48b75bf0adc7d53d46bbec7714a9e)), closes [#32920](https://github.com/aws/aws-cdk/issues/32920)
+
+
+### Code Refactoring
+
+* **glue-alpha:**  Refactored glue-alpha L2 CDK construct RFC 0497 ([#32521](https://github.com/aws/aws-cdk/issues/32521)) ([1a18dc9](https://github.com/aws/aws-cdk/commit/1a18dc951a3946430231b685bd3584f62055127c))
+
 ## [2.176.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.175.1-alpha.0...v2.176.0-alpha.0) (2025-01-15)
 
 

CHANGELOG.v2.md

@@ -2,6 +2,49 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.177.0](https://github.com/aws/aws-cdk/compare/v2.176.0...v2.177.0) (2025-01-24)
+
+
+### Features
+
+* **apigatewayv2:**  throw `ValidationError` instead of untyped errors ([#33072](https://github.com/aws/aws-cdk/issues/33072)) ([8b472fc](https://github.com/aws/aws-cdk/commit/8b472fc5a68c2c83349dbfc11fa502f08d0bd5c8)), closes [#32569](https://github.com/aws/aws-cdk/issues/32569)
+* **apigatewayv2:** throw `ValidationError` instead of untyped errors ([#33082](https://github.com/aws/aws-cdk/issues/33082)) ([5377586](https://github.com/aws/aws-cdk/commit/537758607623d364529ccad78983eaa3f380762e)), closes [#32569](https://github.com/aws/aws-cdk/issues/32569)
+* **apigatewayv2-authorizers:** throw `ValidationError` instead of untyped errors ([#33076](https://github.com/aws/aws-cdk/issues/33076)) ([dd34d2e](https://github.com/aws/aws-cdk/commit/dd34d2e3286048eb5079d93b743c444c4ee1e9bf)), closes [#32569](https://github.com/aws/aws-cdk/issues/32569)
+* **bedrock:** deprecate Claude 2, 2.1, Instant ([#33058](https://github.com/aws/aws-cdk/issues/33058)) ([c0ed449](https://github.com/aws/aws-cdk/commit/c0ed4491a399cff5a098b0e4de389437c0cb55ba))
+* **cli:** add --untrust option to bootstrap ([#33091](https://github.com/aws/aws-cdk/issues/33091)) ([4713bdd](https://github.com/aws/aws-cdk/commit/4713bdd3bdd64e924c403c6c680d3205e4cef491))
+* **cli:** show all information from waiter errors ([#33035](https://github.com/aws/aws-cdk/issues/33035)) ([b512a72](https://github.com/aws/aws-cdk/commit/b512a72cd6457a4d95d7346338894a4e3ed503f3))
+* **cli:** throw typed errors ([#33005](https://github.com/aws/aws-cdk/issues/33005)) ([bf81b3c](https://github.com/aws/aws-cdk/commit/bf81b3ce17941f1f84b386f1e935150893b58315)), closes [#32548](https://github.com/aws/aws-cdk/issues/32548)
+* **cloudfront-origins:** list access level for 404 response ([#32059](https://github.com/aws/aws-cdk/issues/32059)) ([2b2443d](https://github.com/aws/aws-cdk/commit/2b2443de2f566f1595657f94195d8b61243fb800)), closes [#13983](https://github.com/aws/aws-cdk/issues/13983) [#31689](https://github.com/aws/aws-cdk/issues/31689)
+* **cognito:** managed login ([#33097](https://github.com/aws/aws-cdk/issues/33097)) ([188f52d](https://github.com/aws/aws-cdk/commit/188f52d5750274b86c5ebc6ce55ec7cdbc6fc8a7))
+* **elbv2:** throw `ValidationError` intsead of untyped errors ([#33111](https://github.com/aws/aws-cdk/issues/33111)) ([cc1988a](https://github.com/aws/aws-cdk/commit/cc1988acd3a5d8f6a348140af8ca69176b18a52c)), closes [#32569](https://github.com/aws/aws-cdk/issues/32569)
+* **lambda:** throw `ValidationError` instead of untyped errors ([#33033](https://github.com/aws/aws-cdk/issues/33033)) ([a928748](https://github.com/aws/aws-cdk/commit/a928748717baf6d7eb90724c2fd7ee980eda284b)), closes [#32569](https://github.com/aws/aws-cdk/issues/32569)
+* **rds:** throw `ValidationError` instead of untyped errors ([#33042](https://github.com/aws/aws-cdk/issues/33042)) ([0b2db62](https://github.com/aws/aws-cdk/commit/0b2db62850913a1af5b0018aff7c71fad6a7714f)), closes [#32569](https://github.com/aws/aws-cdk/issues/32569)
+* **route53:** throw `ValidationError` instead of untyped errors ([#33110](https://github.com/aws/aws-cdk/issues/33110)) ([5e0f16d](https://github.com/aws/aws-cdk/commit/5e0f16d5f5782784a7b572caa6531460bb4eed50)), closes [#32569](https://github.com/aws/aws-cdk/issues/32569)
+* **s3:** replicating objects ([#30966](https://github.com/aws/aws-cdk/issues/30966)) ([9d8a7e2](https://github.com/aws/aws-cdk/commit/9d8a7e20fbdb0fa956bf01b0f1dc6b26173dd161)), closes [#1680](https://github.com/aws/aws-cdk/issues/1680) [/docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrulefilter.html#cfn-s3](https://github.com/aws//docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrulefilter.html/issues/cfn-s3) [/docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html#cfn-s3](https://github.com/aws//docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html/issues/cfn-s3) [/docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html#cfn-s3](https://github.com/aws//docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html/issues/cfn-s3)
+* **s3:** throw `ValidationError` instead of untyped errors ([#33031](https://github.com/aws/aws-cdk/issues/33031)) ([61e876b](https://github.com/aws/aws-cdk/commit/61e876bd3ed65742b9b4321d0a514dfc606313f4)), closes [#32569](https://github.com/aws/aws-cdk/issues/32569)
+* **s3:** throw `ValidationError` instead of untyped errors ([#33109](https://github.com/aws/aws-cdk/issues/33109)) ([aea8f3b](https://github.com/aws/aws-cdk/commit/aea8f3b4f1bf80d5ffa390fee2986d864cd842c5)), closes [#32569](https://github.com/aws/aws-cdk/issues/32569)
+* **sns:** throw `ValidationError` instead of untyped errors ([#33045](https://github.com/aws/aws-cdk/issues/33045)) ([7452462](https://github.com/aws/aws-cdk/commit/7452462550a100f5bd2dcab6f495c9f68bf0db4a)), closes [#32569](https://github.com/aws/aws-cdk/issues/32569)
+* **sqs:** throw `ValidationError` instead of untyped errors ([#33046](https://github.com/aws/aws-cdk/issues/33046)) ([6469412](https://github.com/aws/aws-cdk/commit/64694124e37113eaeed50635e5d1fb8db9badc89)), closes [#32569](https://github.com/aws/aws-cdk/issues/32569)
+* **ssm:** throw `ValidationError` instead of untyped errors ([#33067](https://github.com/aws/aws-cdk/issues/33067)) ([6677b33](https://github.com/aws/aws-cdk/commit/6677b3373157c71b104c97ae3bbece39e44e29de)), closes [#32569](https://github.com/aws/aws-cdk/issues/32569)
+* **synthetics:** cleanup provisioned lambda and layers for canary ([#32738](https://github.com/aws/aws-cdk/issues/32738)) ([bdb4a59](https://github.com/aws/aws-cdk/commit/bdb4a594c16a2051ca157f5f06f059d7edcf457c))
+* **synthetics:** node playwright 1.0 and python selenium 4.1 runtime ([#32245](https://github.com/aws/aws-cdk/issues/32245)) ([d68020b](https://github.com/aws/aws-cdk/commit/d68020b8c1dc957a7e99aefab31de91f5a304b31)), closes [/docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_python_selenium.html#CloudWatch_Synthetics_runtimeversion-syn-python-selenium-4](https://github.com/aws//docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_python_selenium.html/issues/CloudWatch_Synthetics_runtimeversion-syn-python-selenium-4)
+* **synthetics:** throw `ValidationError` instead of untyped errors ([#33079](https://github.com/aws/aws-cdk/issues/33079)) ([e4703c1](https://github.com/aws/aws-cdk/commit/e4703c19598753a2b6f240b906d3e1da3954851f)), closes [#32569](https://github.com/aws/aws-cdk/issues/32569)
+* **VpcV2:** add BYOIP IPv6 to VPCv2 ([#32927](https://github.com/aws/aws-cdk/issues/32927)) ([93c95fc](https://github.com/aws/aws-cdk/commit/93c95fc1a4f547d309732ae7b32f65e3763c2d37))
+* update L1 CloudFormation resource definitions ([#33019](https://github.com/aws/aws-cdk/issues/33019)) ([e31924a](https://github.com/aws/aws-cdk/commit/e31924a7ec472f165382f5cca8b55b747e9c4208)), closes [/docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseRoute53](https://github.com/aws//docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html/issues/CloudWatch-Logs-Transformation-parseRoute53) [/docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation-Processors.html#CloudWatch-Logs-Transformation-parseRoute53](https://github.com/aws//docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation-Processors.html/issues/CloudWatch-Logs-Transformation-parseRoute53)
+
+
+### Bug Fixes
+
+* **bundling:** enclosing metafile & tsconfig paths with quotes ([#32725](https://github.com/aws/aws-cdk/issues/32725)) ([5410e10](https://github.com/aws/aws-cdk/commit/5410e1016b39ef3ef45a02da151ce40c83ce9e0d))
+* **cli:** disallow import of internal cli libraries ([#33021](https://github.com/aws/aws-cdk/issues/33021)) ([e5ac918](https://github.com/aws/aws-cdk/commit/e5ac918efbb66674176c81171e0d61affddcbeab))
+* **cli:** trace output (-vv) is useless when files are uploaded ([#33104](https://github.com/aws/aws-cdk/issues/33104)) ([d95add3](https://github.com/aws/aws-cdk/commit/d95add33fc3fe355752ff56cd37381cb808890b6))
+* **cloudfront:** add validations on ResponseHeadersCorsBehavior.accessControlAllowMethods ([#32769](https://github.com/aws/aws-cdk/issues/32769)) ([4c42800](https://github.com/aws/aws-cdk/commit/4c4280050e67d5779edeb09baf3287b431839aed))
+* **cx-api:** cannot detect CloudAssembly across different libraries ([#32998](https://github.com/aws/aws-cdk/issues/32998)) ([94ba772](https://github.com/aws/aws-cdk/commit/94ba7721b5c6adeb7974152d67d7b56524687cbe)), closes [aws/aws-cdk#31041](https://github.com/aws/aws-cdk/issues/31041)
+* **rds:** does not print all failed validations for DatabaseCluster props ([#32841](https://github.com/aws/aws-cdk/issues/32841)) ([344d916](https://github.com/aws/aws-cdk/commit/344d916480f6facc437841033cd3d072ebc07010)), closes [#32840](https://github.com/aws/aws-cdk/issues/32840) [#32840](https://github.com/aws/aws-cdk/issues/32840) [/github.com/aws/aws-cdk/pull/32151/files#diff-49b4a9e1bf0b7db3ab71f4f08580da0cb2191d84605dc82a70c324bd122d5cf7R805-R828](https://github.com/aws//github.com/aws/aws-cdk/pull/32151/files/issues/diff-49b4a9e1bf0b7db3ab71f4f08580da0cb2191d84605dc82a70c324bd122d5cf7R805-R828) [/github.com/aws/aws-cdk/pull/32841/files#diff-5d08d37e744e173239879212c59fd45cb9a279349f3dfb1c66923cb015ed3a3](https://github.com/aws//github.com/aws/aws-cdk/pull/32841/files/issues/diff-5d08d37e744e173239879212c59fd45cb9a279349f3dfb1c66923cb015ed3a3) [/github.com/aws/aws-cdk/blob/3e4f3773bfa48b75bf0adc7d53d46bbec7714a9e/packages/aws-cdk-lib/aws-ec2/lib/volume.ts#L672-L743](https://github.com/aws//github.com/aws/aws-cdk/blob/3e4f3773bfa48b75bf0adc7d53d46bbec7714a9e/packages/aws-cdk-lib/aws-ec2/lib/volume.ts/issues/L672-L743) [/github.com/aws/aws-cdk/blob/3e4f3773bfa48b75bf0adc7d53d46bbec7714a9e/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/eventbridge-scheduler/create-schedule.ts#L324-L362](https://github.com/aws//github.com/aws/aws-cdk/blob/3e4f3773bfa48b75bf0adc7d53d46bbec7714a9e/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/eventbridge-scheduler/create-schedule.ts/issues/L324-L362) [/github.com/aws/aws-cdk/blob/3e4f3773bfa48b75bf0adc7d53d46bbec7714a9e/packages/aws-cdk-lib/aws-fsx/lib/lustre-file-system.ts#L360-L380](https://github.com/aws//github.com/aws/aws-cdk/blob/3e4f3773bfa48b75bf0adc7d53d46bbec7714a9e/packages/aws-cdk-lib/aws-fsx/lib/lustre-file-system.ts/issues/L360-L380)
+* **sqs:** does not print all failed validations for Queue props ([#33070](https://github.com/aws/aws-cdk/issues/33070)) ([b77e937](https://github.com/aws/aws-cdk/commit/b77e9379e8d1e6d653042a2be35efb18983e1973)), closes [#33098](https://github.com/aws/aws-cdk/issues/33098) [#33098](https://github.com/aws/aws-cdk/issues/33098)
+* update fetchOpenPullRequests method to pass organisation in github action workflow for prioritization ([#33073](https://github.com/aws/aws-cdk/issues/33073)) ([066cd4f](https://github.com/aws/aws-cdk/commit/066cd4f45e194cff5ed39582e50f5b95e83cbeed))
+
+
 ## [2.176.0](https://github.com/aws/aws-cdk/compare/v2.175.1...v2.176.0) (2025-01-15)
 
 

nx.json

@@ -42,7 +42,7 @@
       ]
     }
   },
-  "extends": "@nrwl/workspace/presets/npm.json",
+  "extends": "@nx/workspace/presets/npm.json",
   "workspaceLayout": {},
   "tasksRunnerOptions": {
     "default": {

package.json

@@ -15,7 +15,7 @@
     "build-all": "tsc -b"
   },
   "devDependencies": {
-    "@nx/workspace": "^19.8.6",
+    "@nx/workspace": "^20",
     "@types/node": "18.11.19",
     "@types/prettier": "2.6.0",
     "@yarnpkg/lockfile": "^1.1.0",
@@ -29,7 +29,7 @@
     "jsii-pacmak": "1.106.0",
     "jsii-reflect": "1.106.0",
     "lerna": "^8.1.8",
-    "nx": "^19.8.6",
+    "nx": "^20",
     "semver": "^7.6.3",
     "standard-version": "^9.5.0",
     "ts-jest": "^29.2.5",

packages/@aws-cdk-testing/cli-integ/lib/aws.ts

@@ -20,15 +20,19 @@ import { SNSClient } from '@aws-sdk/client-sns';
 import { SSOClient } from '@aws-sdk/client-sso';
 import { STSClient, GetCallerIdentityCommand } from '@aws-sdk/client-sts';
 import { fromIni } from '@aws-sdk/credential-providers';
-import type { AwsCredentialIdentityProvider } from '@smithy/types';
+import type { AwsCredentialIdentity, AwsCredentialIdentityProvider } from '@smithy/types';
 import { ConfiguredRetryStrategy } from '@smithy/util-retry';
 interface ClientConfig {
-  readonly credentials?: AwsCredentialIdentityProvider;
+  readonly credentials?: AwsCredentialIdentityProvider | AwsCredentialIdentity;
   readonly region: string;
   readonly retryStrategy: ConfiguredRetryStrategy;
 }
 
 export class AwsClients {
+  public static async forIdentity(region: string, identity: AwsCredentialIdentity, output: NodeJS.WritableStream) {
+    return new AwsClients(region, output, identity);
+  }
+
   public static async forRegion(region: string, output: NodeJS.WritableStream) {
     return new AwsClients(region, output);
   }
@@ -45,9 +49,12 @@ export class AwsClients {
   public readonly lambda: LambdaClient;
   public readonly sts: STSClient;
 
-  constructor(public readonly region: string, private readonly output: NodeJS.WritableStream) {
+  constructor(
+    public readonly region: string,
+    private readonly output: NodeJS.WritableStream,
+    public readonly identity?: AwsCredentialIdentity) {
     this.config = {
-      credentials: chainableCredentials(this.region),
+      credentials: this.identity ?? chainableCredentials(this.region),
       region: this.region,
       retryStrategy: new ConfiguredRetryStrategy(9, (attempt: number) => attempt ** 500),
     };

packages/@aws-cdk-testing/cli-integ/lib/github.ts

@@ -40,4 +40,4 @@ export async function fetchPreviousVersion(token: string, options?: {
   if (previousMVRelease) { return previousMVRelease; }
 
   throw new Error(`Unable to find previous version given ${JSON.stringify(options)}`);
-};
+}

packages/@aws-cdk-testing/cli-integ/lib/integ-test.ts

@@ -13,9 +13,10 @@ if (SKIP_TESTS) {
 
 export interface TestContext {
   readonly randomString: string;
+  readonly name: string;
   readonly output: NodeJS.WritableStream;
   log(s: string): void;
-};
+}
 
 if (process.env.JEST_TEST_CONCURRENT === 'true') {
   process.stderr.write('ℹ️ JEST_TEST_CONCURRENT is true: tests will run concurrently and filters have no effect!\n0');
@@ -51,6 +52,7 @@ export function integTest(
       return await callback({
         output,
         randomString: randomString(),
+        name,
         log(s: string) {
           output.write(`${s}\n`);
         },

packages/@aws-cdk-testing/cli-integ/lib/with-aws.ts

@@ -1,8 +1,30 @@
+import { AtmosphereClient } from '@cdklabs/cdk-atmosphere-client';
 import { AwsClients } from './aws';
 import { TestContext } from './integ-test';
 import { ResourcePool } from './resource-pool';
 import { DisableBootstrapContext } from './with-cdk-app';
 
+export function atmosphereEnabled(): boolean {
+  const enabled = process.env.CDK_INTEG_ATMOSPHERE_ENABLED;
+  return enabled === 'true' || enabled === '1';
+}
+
+export function atmosphereEndpoint(): string {
+  const value = process.env.CDK_INTEG_ATMOSPHERE_ENDPOINT;
+  if (!value) {
+    throw new Error('CDK_INTEG_ATMOSPHERE_ENDPOINT is not defined');
+  }
+  return value;
+}
+
+export function atmospherePool() {
+  const value = process.env.CDK_INTEG_ATMOSPHERE_POOL;
+  if (!value) {
+    throw new Error('CDK_INTEG_ATMOSPHERE_POOL is not defined');
+  }
+  return value;
+}
+
 export type AwsContext = { readonly aws: AwsClients };
 
 /**
@@ -14,12 +36,40 @@ export function withAws<A extends TestContext>(
   block: (context: A & AwsContext & DisableBootstrapContext) => Promise<void>,
   disableBootstrap: boolean = false,
 ): (context: A) => Promise<void> {
-  return (context: A) => regionPool().using(async (region) => {
-    const aws = await AwsClients.forRegion(region, context.output);
-    await sanityCheck(aws);
+  return async (context: A) => {
+
+    if (atmosphereEnabled()) {
+      const atmosphere = new AtmosphereClient(atmosphereEndpoint());
+      const allocation = await atmosphere.acquire({ pool: atmospherePool(), requester: context.name });
+      const aws = await AwsClients.forIdentity(allocation.environment.region, {
+        accessKeyId: allocation.credentials.accessKeyId,
+        secretAccessKey: allocation.credentials.secretAccessKey,
+        sessionToken: allocation.credentials.sessionToken,
+        accountId: allocation.environment.account,
+      }, context.output);
+
+      await sanityCheck(aws);
+
+      let outcome = 'success';
+      try {
+        return await block({ ...context, disableBootstrap, aws });
+      } catch (e: any) {
+        outcome = 'failure';
+        throw e;
+      } finally {
+        await atmosphere.release(allocation.id, outcome);
+      }
+
+    } else {
+      return regionPool().using(async (region) => {
+        const aws = await AwsClients.forRegion(region, context.output);
+        await sanityCheck(aws);
+
+        return block({ ...context, disableBootstrap, aws });
+      });
+    }
 
-    return block({ ...context, disableBootstrap, aws });
-  });
+  };
 }
 
 let _regionPool: undefined | ResourcePool;