chore(release): 2.65.0 (#24185)

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/2.65.0/CHANGELOG.md)

.github/workflows/issue-label-assign.yml

@@ -70,7 +70,6 @@ env:
           [
             {"area":"package/tools","keywords":["cli","command line","init","synth","diff","bootstrap"],"labels":["package/tools"],"enableGlobalAffixes":false},
             {"area":"@aws-cdk/alexa-ask","keywords":["alexa-ask","alexa"],"labels":["@aws-cdk/alexa-ask"]},
-            {"area":"@aws-cdk/app-delivery","keywords":["app-delivery"],"labels":["@aws-cdk/app-delivery"]},
             {"area":"@aws-cdk/assert","keywords":["assert"],"labels":["@aws-cdk/assert"]},
             {"area":"@aws-cdk/assertions","keywords":["assertions"],"labels":["@aws-cdk/assertions"]},
             {"area":"@aws-cdk/assets","keywords":["assets","staging"],"labels":["@aws-cdk/assets"]},

.github/workflows/pr-linter-exemption-labeler.yml

@@ -0,0 +1,17 @@
+name: pr-linter-exemption-labeler
+on:
+  issue_comment:
+    types:
+      - created
+      - edited
+      - deleted
+
+jobs:
+  pr_commented:
+    name: PR Comment
+    if: ${{ (github.event.issue.pull_request) && (github.event.issue.state == 'open') }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: TheRealAmazonKendra/pr-linter-exemption-labeler@main
+        with:
+          github-token: ${{ secrets.PROJEN_GITHUB_TOKEN }}

.github/workflows/yarn-upgrade-v1main.yml

@@ -26,7 +26,7 @@ jobs:
 
       - name: Locate Yarn cache
         id: yarn-cache
-        run: echo "::set-output name=dir::$(yarn cache dir)"
+        run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
 
       - name: Restore Yarn cache
         uses: actions/cache@v3
@@ -39,34 +39,30 @@ jobs:
         run: yarn install --frozen-lockfile
       - name: Install Tools
         run: |-
-          npm -g install lerna npm-check-updates@^9.0.0
+          npm -g install lerna js-yaml npm-check-updates@^9.0.0
       - name: Build CLI
-        run: cd packages/aws-cdk && ../../scripts/buildup
+        run: lerna run build --scope aws-cdk --include-dependencies --stream
       - name: Build Integ Runner
-        run: cd packages/@aws-cdk/integ-runner && ../../../scripts/buildup
+        run: lerna run build --scope @aws-cdk/integ-runner --include-dependencies --stream
       - name: List Mono-Repo Packages
         id: list-packages
         # These need to be ignored from the `ncu` runs!
         run: |-
-          echo -n "::set-output name=list::"
-          node -p "$(lerna ls --all --json 2>/dev/null).map(item => item.name).join(',')"
+          echo "list=$(lerna ls --all --json 2>/dev/null | jq -r 'map(.name) | join(",")')" >> $GITHUB_OUTPUT
       - name: Run "ncu -u"
-        # We special-case @types/node because we want to stay on the current major (minimum supported node release)
-        # We special-case @types/fs-extra because the current major (9.x) is broken with @types/node >= 10
+        # We special-case some @types because they need to be pinned to specific versions due to breaking changes in minor upgrades https://github.com/DefinitelyTyped/DefinitelyTyped/issues/64266
         # We special-case aws-sdk because of breaking changes with TS interface exports in recent minor versions - https://github.com/aws/aws-sdk-js/issues/3453
-        # We special-case typescript because it's not semantically versionned
+        # We special-case typescript because it's not semantically versioned
         # We special-case constructs because we want to stay in control of the minimum compatible version
         # We special-case lerna because we have a patch on it that stops applying if Lerna upgrades. Remove this once https://github.com/lerna/lerna/pull/2874 releases.
         # We special-case aws-sdk-mock because of breaking changes in type exports https://github.com/dwyl/aws-sdk-mock/pull/260. We are not respecting `@ts-ignore`
         run: |-
           # Upgrade dependencies at repository root
-          ncu --upgrade --filter=@types/node,@types/fs-extra --target=minor
           ncu --upgrade --filter=typescript --target=patch
-          ncu --upgrade --reject=@types/node,@types/prettier,@types/fs-extra,constructs,typescript,lerna --target=minor
+          ncu --upgrade --reject=@types/node,@types/prettier,constructs,typescript,lerna --target=minor
           # Upgrade all the packages
-          lerna exec --parallel ncu -- --upgrade --filter=@types/node,@types/fs-extra --target=minor
           lerna exec --parallel ncu -- --upgrade --filter=typescript --target=patch
-          lerna exec --parallel ncu -- --upgrade --reject='@types/node,@types/prettier,@types/fs-extra,constructs,typescript,aws-sdk,aws-sdk-mock,${{ steps.list-packages.outputs.list }}'  --target=minor
+          lerna exec --parallel ncu -- --upgrade --reject='@types/node,@types/prettier,constructs,typescript,aws-sdk,aws-sdk-mock,${{ steps.list-packages.outputs.list }}'  --target=minor
 
       # This will ensure the current lockfile is up-to-date with the dependency specifications (necessary for "yarn update" to run)
       - name: Run "yarn install"

.github/workflows/yarn-upgrade.yml

@@ -37,32 +37,28 @@ jobs:
         run: yarn install --frozen-lockfile
       - name: Install Tools
         run: |-
-          npm -g install lerna npm-check-updates@^9.0.0
+          npm -g install lerna js-yaml npm-check-updates@^9.0.0
       - name: Build Integ Runner
-        run: cd packages/@aws-cdk/integ-runner && ../../../scripts/buildup
+        run: lerna run build --scope @aws-cdk/integ-runner --include-dependencies
       - name: List Mono-Repo Packages
         id: list-packages
         # These need to be ignored from the `ncu` runs!
         run: |-
-          echo -n "::set-output name=list::"
-          echo "list=$(lerna ls --all --json 2>/dev/null | jq -r 'map(.name) | join(",")')" >> $GITHUB_OUTPUT 
+          echo "list=$(lerna ls --all --json 2>/dev/null | jq -r 'map(.name) | join(",")')" >> $GITHUB_OUTPUT
       - name: Run "ncu -u"
-        # We special-case @types/node because we want to stay on the current major (minimum supported node release)
-        # We special-case @types/fs-extra because the current major (9.x) is broken with @types/node >= 10
+        # We special-case some @types because they need to be pinned to specific versions due to breaking changes in minor upgrades https://github.com/DefinitelyTyped/DefinitelyTyped/issues/64266
         # We special-case aws-sdk because of breaking changes with TS interface exports in recent minor versions - https://github.com/aws/aws-sdk-js/issues/3453
-        # We special-case typescript because it's not semantically versionned
+        # We special-case typescript because it's not semantically versioned
         # We special-case constructs because we want to stay in control of the minimum compatible version
         # We special-case lerna because we have a patch on it that stops applying if Lerna upgrades. Remove this once https://github.com/lerna/lerna/pull/2874 releases.
         # We special-case aws-sdk-mock because of breaking changes in type exports https://github.com/dwyl/aws-sdk-mock/pull/260. We are not respecting `@ts-ignore`
         run: |-
           # Upgrade dependencies at repository root
-          ncu --upgrade --filter=@types/node,@types/fs-extra --target=minor
           ncu --upgrade --filter=typescript --target=patch
-          ncu --upgrade --reject=@types/node,@types/prettier,@types/fs-extra,constructs,typescript,lerna --target=minor
+          ncu --upgrade --reject=@types/node,@types/prettier,constructs,typescript,lerna --target=minor
           # Upgrade all the packages
-          lerna exec --parallel ncu -- --upgrade --filter=@types/node,@types/fs-extra --target=minor
           lerna exec --parallel ncu -- --upgrade --filter=typescript --target=patch
-          lerna exec --parallel ncu -- --upgrade --reject='@types/node,@types/prettier,@types/fs-extra,constructs,typescript,aws-sdk,aws-sdk-mock,${{ steps.list-packages.outputs.list }}'  --target=minor
+          lerna exec --parallel ncu -- --upgrade --reject='@types/node,@types/prettier,constructs,typescript,aws-sdk,aws-sdk-mock,${{ steps.list-packages.outputs.list }}'  --target=minor
           # Upgrade package.jsons in init templates
           for pj in $(find packages/aws-cdk/lib/init-templates -name package.json); do
             (cd $(dirname $pj) && ncu --upgrade --reject='constructs,${{ steps.list-packages.outputs.list }}')

CHANGELOG.v2.alpha.md

@@ -2,6 +2,15 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.65.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.64.0-alpha.0...v2.65.0-alpha.0) (2023-02-15)
+
+
+### Features
+
+* **glue:** support Ray jobs ([#23822](https://github.com/aws/aws-cdk/issues/23822)) ([8de50d6](https://github.com/aws/aws-cdk/commit/8de50d624c8703a12713dcffbc764688868f22b0))
+* **redshift:** IAM roles can be attached to a cluster, post creation ([#23791](https://github.com/aws/aws-cdk/issues/23791)) ([1a46808](https://github.com/aws/aws-cdk/commit/1a46808b03e8f6d09846f999ae3dc65b190f5f26)), closes [#22632](https://github.com/aws/aws-cdk/issues/22632)
+* **synthetics:** support runtime 3.9 ([#24101](https://github.com/aws/aws-cdk/issues/24101)) ([9d23cad](https://github.com/aws/aws-cdk/commit/9d23caded8aca42d3b78de1bc7e89c38a4d6805e))
+
 ## [2.64.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.63.2-alpha.0...v2.64.0-alpha.0) (2023-02-09)
 
 

CHANGELOG.v2.md

@@ -2,6 +2,32 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.65.0](https://github.com/aws/aws-cdk/compare/v2.64.0...v2.65.0) (2023-02-15)
+
+
+### Features
+
+* **autoscaling:** L2 construct for enabling capacity rebalance of autoscaling ([#24025](https://github.com/aws/aws-cdk/issues/24025)) ([d2c63f5](https://github.com/aws/aws-cdk/commit/d2c63f55f8657315ad4e4dd463cfcae07cb66e53)), closes [#22625](https://github.com/aws/aws-cdk/issues/22625)
+* **chatbot:** support guardrail policies ([#24114](https://github.com/aws/aws-cdk/issues/24114)) ([4c72a7d](https://github.com/aws/aws-cdk/commit/4c72a7dc3994ba190f1e1aa467d3087228bcb881)), closes [#20788](https://github.com/aws/aws-cdk/issues/20788)
+* **core:** Allow passing Docker build secrets ([#23778](https://github.com/aws/aws-cdk/issues/23778)) ([74512fa](https://github.com/aws/aws-cdk/commit/74512fa339e0a2937213f519c109ef1207e9d0c6)), closes [#14910](https://github.com/aws/aws-cdk/issues/14910) [#14395](https://github.com/aws/aws-cdk/issues/14395)
+* **elbv2:** add metrics to INetworkTargetGroup and IApplicationTargetGroup ([#23993](https://github.com/aws/aws-cdk/issues/23993)) ([6a9e43f](https://github.com/aws/aws-cdk/commit/6a9e43f0c6f966df4671267eeda21638611dfb1c)), closes [#23853](https://github.com/aws/aws-cdk/issues/23853) [#10850](https://github.com/aws/aws-cdk/issues/10850)
+* **lambda:** add insights version 1.0.178.0 ([#23836](https://github.com/aws/aws-cdk/issues/23836)) ([5272908](https://github.com/aws/aws-cdk/commit/527290854d0fa31e7f41497ede0c1b8b0e1b9ad4))
+
+
+### Bug Fixes
+
+* **bootstrap:** remove Security Hub finding S3.10 ([#24175](https://github.com/aws/aws-cdk/issues/24175)) ([a1da757](https://github.com/aws/aws-cdk/commit/a1da757ce348b4bd66a6d0e7776f2ff8e9f531b6)), closes [/docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-s3-10](https://github.com/aws//docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html/issues/fsbp-s3-10)
+* **codedeploy:** unable to remove alarms from deployment group ([#23308](https://github.com/aws/aws-cdk/issues/23308)) ([eee005f](https://github.com/aws/aws-cdk/commit/eee005f4949d7438467c7448ba8326efa4b79221))
+* **codepipeline:** x-env ECS deployment lacking support stack-dependency ([#24053](https://github.com/aws/aws-cdk/issues/24053)) ([adfe4fa](https://github.com/aws/aws-cdk/commit/adfe4fa137bb748961b4a767d538335490e13ed1)), closes [#24050](https://github.com/aws/aws-cdk/issues/24050) [#24051](https://github.com/aws/aws-cdk/issues/24051)
+* **core:** messages are displayed multiple times per construct ([#24019](https://github.com/aws/aws-cdk/issues/24019)) ([57770bb](https://github.com/aws/aws-cdk/commit/57770bb12ea6d77373f1e9e8e04f6757b440f277)), closes [#9565](https://github.com/aws/aws-cdk/issues/9565)
+* **ec2:** enable set throughput param to CfnVolume ([#24118](https://github.com/aws/aws-cdk/issues/24118)) ([32781f8](https://github.com/aws/aws-cdk/commit/32781f825352f9cb43d8fed5c122b454275b3076)), closes [#24107](https://github.com/aws/aws-cdk/issues/24107) [#24107](https://github.com/aws/aws-cdk/issues/24107)
+* **elbv2:** healthcheck interval is overly restrictive ([#24157](https://github.com/aws/aws-cdk/issues/24157)) ([4f83e02](https://github.com/aws/aws-cdk/commit/4f83e02b85229ebdff3f32ba6fd662ffd707d8db)), closes [#24156](https://github.com/aws/aws-cdk/issues/24156)
+* **iam:** PrincipalWithConditions.addCondition fails with a new key ([#23782](https://github.com/aws/aws-cdk/issues/23782)) ([8951d01](https://github.com/aws/aws-cdk/commit/8951d013bea5dad54b94a6a683f56275ff4e6dba)), closes [#23781](https://github.com/aws/aws-cdk/issues/23781)
+* **iam:** SamlConsolePrincipal does not work in China [#22091](https://github.com/aws/aws-cdk/issues/22091) ([#24034](https://github.com/aws/aws-cdk/issues/24034)) ([2902043](https://github.com/aws/aws-cdk/commit/29020435aeb1a9fb6401572520d0adca8155dc60))
+* **pipelines:** SelfMutation CodeBuild project not accessible ([#24073](https://github.com/aws/aws-cdk/issues/24073)) ([5942978](https://github.com/aws/aws-cdk/commit/594297862f2626b64b174d6998886a40f1b316be))
+* **rds:** database proxies use ids as their resource names directly (under feature flag) ([#23703](https://github.com/aws/aws-cdk/issues/23703)) ([03a0f79](https://github.com/aws/aws-cdk/commit/03a0f79b40e3be95de5421370703eb54c06b7dd7)), closes [#18578](https://github.com/aws/aws-cdk/issues/18578)
+* **s3:** logging bucket blocks KMS_MANAGED encryption ([#23514](https://github.com/aws/aws-cdk/issues/23514)) ([1e8926f](https://github.com/aws/aws-cdk/commit/1e8926fa9bcf561135beaa31379ec1f1e6f79901))
+
 ## [2.64.0](https://github.com/aws/aws-cdk/compare/v2.63.2...v2.64.0) (2023-02-09)
 
 

README.md

@@ -33,7 +33,7 @@ Third-party Language Deprecation: language version is only supported until its E
 \
 Jump To:
 [Developer Guide](https://docs.aws.amazon.com/cdk/latest/guide) |
-[API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-construct-library.html) |
+[API Reference](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-construct-library.html) |
 [Getting Started](#getting-started) |
 [Getting Help](#getting-help) |
 [Contributing](#contributing) |

package.json

@@ -16,9 +16,10 @@
     "postinstall": "patch-package --error-on-fail"
   },
   "devDependencies": {
+    "@types/node": "18.11.18",
     "@types/prettier": "2.6.0",
     "@yarnpkg/lockfile": "^1.1.0",
-    "cdk-generate-synthetic-examples": "^0.1.140",
+    "cdk-generate-synthetic-examples": "^0.1.151",
     "conventional-changelog-cli": "^2.2.2",
     "fs-extra": "^9.1.0",
     "graceful-fs": "^4.2.10",

packages/@aws-cdk-testing/cli-integ/bin/run-suite.ts

@@ -22,6 +22,11 @@ async function main() {
       type: 'string',
       requiresArg: true,
     })
+    .option('test-file', {
+      description: 'The specific test file to run',
+      type: 'string',
+      requiresArg: true,
+    })
     .option('use-source', {
       descripton: 'Use TypeScript packages from the given source repository (or "auto")',
       alias: 's',
@@ -121,6 +126,7 @@ async function main() {
       ...args.test ? ['-t', args.test] : [],
       ...args.verbose ? ['--verbose'] : [],
       ...passWithNoTests ? ['--passWithNoTests'] : [],
+      ...args['test-file'] ? [args['test-file']] : [],
     ], path.resolve(__dirname, '..', 'resources', 'integ.jest.config.js'));
 
   } finally {

packages/@aws-cdk-testing/cli-integ/lib/integ-test.ts

@@ -17,7 +17,7 @@ export function integTest(
   name: string,
   callback: (context: TestContext) => Promise<void>,
   timeoutMillis?: number,
-) {
+): void {
 
   // Integ tests can run concurrently, and are responsible for blocking
   // themselves if they cannot.  Because `test.concurrent` executes the test
@@ -62,4 +62,4 @@ function shouldSkip(testName: string) {
 export function randomString() {
   // Crazy
   return Math.random().toString(36).replace(/[^a-z0-9]+/g, '');
-}
+}

packages/@aws-cdk-testing/cli-integ/lib/npm.ts

@@ -6,7 +6,7 @@ const MINIMUM_VERSION = '3.9';
  * Use NPM preinstalled on the machine to look up a list of TypeScript versions
  */
 export function typescriptVersionsSync(): string[] {
-  const { stdout } = spawnSync('npm', ['--silent', 'view', `typescript@>=${MINIMUM_VERSION}`, 'version', '--json']);
+  const { stdout } = spawnSync('npm', ['--silent', 'view', `typescript@>=${MINIMUM_VERSION}`, 'version', '--json'], { encoding: 'utf-8' });
 
   const versions: string[] = JSON.parse(stdout);
   return Array.from(new Set(versions.map(v => v.split('.').slice(0, 2).join('.'))));

packages/@aws-cdk-testing/cli-integ/lib/staging/npm.ts

@@ -1,10 +1,10 @@
 /* eslint-disable no-console */
 import * as path from 'path';
-import { updateIniKey, loadLines, writeLines } from '../files';
-import { shell } from '../shell';
 import { LoginInformation } from './codeartifact';
 import { parallelShell } from './parallel-shell';
 import { UsageDir } from './usage-dir';
+import { updateIniKey, loadLines, writeLines } from '../files';
+import { shell } from '../shell';
 
 export async function npmLogin(login: LoginInformation, usageDir: UsageDir) {
   // Creating an ~/.npmrc that references an envvar is what you're supposed to do. (https://docs.npmjs.com/private-modules/ci-server-config)

packages/@aws-cdk-testing/cli-integ/lib/with-aws.ts

@@ -1,6 +1,7 @@
 import { AwsClients } from './aws';
 import { TestContext } from './integ-test';
 import { ResourcePool } from './resource-pool';
+import { DisableBootstrapContext } from './with-cdk-app';
 
 export type AwsContext = { readonly aws: AwsClients };
 
@@ -9,12 +10,15 @@ export type AwsContext = { readonly aws: AwsClients };
  *
  * Allocate the next region from the REGION pool and dispose it afterwards.
  */
-export function withAws<A extends TestContext>(block: (context: A & AwsContext) => Promise<void>) {
-  return (context: A) => regionPool().using(async (region) => {
+export function withAws(
+  block: (context: TestContext & AwsContext & DisableBootstrapContext) => Promise<void>,
+  disableBootstrap: boolean = false,
+): (context: TestContext) => Promise<void> {
+  return (context: TestContext) => regionPool().using(async (region) => {
     const aws = await AwsClients.forRegion(region, context.output);
     await sanityCheck(aws);
 
-    return block({ ...context, aws });
+    return block({ ...context, disableBootstrap, aws });
   });
 }
 
@@ -60,4 +64,4 @@ async function sanityCheck(aws: AwsClients) {
     throw new Error('AWS credentials probably not configured, see previous error');
   }
 }
-let sanityChecked: boolean | undefined;
+let sanityChecked: boolean | undefined;