aws
diff --git a/‎CHANGELOG.v2.alpha.md‎
Lines changed: 11 additions & 0 deletions b/‎CHANGELOG.v2.alpha.md‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎CHANGELOG.v2.md‎
Lines changed: 2 additions & 0 deletions b/‎CHANGELOG.v2.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ROADMAP.md‎
Lines changed: 1 addition & 1 deletion b/‎ROADMAP.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎allowed-breaking-changes.txt‎
Lines changed: 1 addition & 0 deletions b/‎allowed-breaking-changes.txt‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql.ts‎
Lines changed: 6 additions & 6 deletions b/‎packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql.ts‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎packages/@aws-cdk/aws-eks-v2-alpha/lib/cluster.ts‎
Lines changed: 36 additions & 6 deletions b/‎packages/@aws-cdk/aws-eks-v2-alpha/lib/cluster.ts‎
Lines changed: 36 additions & 6 deletions
diff --git a/‎packages/@aws-cdk/aws-eks-v2-alpha/lib/managed-nodegroup.ts‎
Lines changed: 1 addition & 1 deletion b/‎packages/@aws-cdk/aws-eks-v2-alpha/lib/managed-nodegroup.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip‎
-32.8 MB b/‎packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip‎
-32.8 MB
diff --git a/‎packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip‎
Lines changed: 0 additions & 3 deletions b/‎packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip‎
Lines changed: 0 additions & 3 deletions
@@ -2,6 +2,17 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.181.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.181.0-alpha.0...v2.181.1-alpha.0) (2025-02-27)
+
+
+### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
+
+* **cognito-identitypool-alpha:** Any `IdentityPool` resources deployed in versions `>=2.179.0` will now fail to deploy. You will need to delete the `IdentityPoolRoleAttachment` from your stack via the console before redeploying.
+
+### Bug Fixes
+
+* **cognito-identitypool-alpha:** prevent stacks from not deploying correctly ([#33609](https://github.com/aws/aws-cdk/issues/33609)) ([a1e2afe](https://github.com/aws/aws-cdk/commit/a1e2afe67cc907fa278503ebc886aa3b5bf97887)), closes [#33510](https://github.com/aws/aws-cdk/issues/33510)
+
 ## [2.181.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.180.0-alpha.0...v2.181.0-alpha.0) (2025-02-25)
 
 
 
@@ -2,6 +2,8 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.181.1](https://github.com/aws/aws-cdk/compare/v2.181.0...v2.181.1) (2025-02-27)
+
 ## [2.181.0](https://github.com/aws/aws-cdk/compare/v2.180.0...v2.181.0) (2025-02-25)
 
 
 
@@ -155,7 +155,7 @@ this capability, please see the [developer guide](https://docs.aws.amazon.com/cd
 
 ## More Resources
 
-* [CDK Workshop](https://cdkworkshop.com/)
+* [AWS CDK Immersion Day Workshop](https://catalog.us-east-1.prod.workshops.aws/workshops/10141411-0192-4021-afa8-2436f3c66bd8/en-US)
 * [Construct Hub](https://constructs.dev) - Find and use open-source Cloud Development Kit (CDK) libraries
 * Best Practices
   * [Best practices for developing cloud applications with AWS CDK](https://aws.amazon.com/blogs/devops/best-practices-for-developing-cloud-applications-with-aws-cdk/)
 
@@ -138,7 +138,7 @@ To make the CDK more accessible and easier to understand, we publish educational
 - [Blog] [How the PGA Tour speeds up development with the AWS CDK](https://aws.amazon.com/blogs/devops/driving-development-forward-how-the-pga-tour-speeds-up-development-with-the-aws-cdk/)
 - [Workshop/Livestream] [CDK Workshop Series on CDK Live!](https://youtube.com/playlist?list=PLp1wJE9SAACOLvdtKL2P2Kq_N_AiYIj8N&si=hH14gEVmM_35xivq)
 - [Livestream] [Learn how to build and publish AWS CDK Constructs](https://www.youtube.com/live/kUfSoFy4Mgg?si=aDMMacUT3lq6ZeKw)
-- [Workshop] [The AWS CDK Workshop](https://cdkworkshop.com/)
+- [Workshop] [AWS CDK Immersion Day Workshop](https://catalog.us-east-1.prod.workshops.aws/workshops/10141411-0192-4021-afa8-2436f3c66bd8/en-US)
 - [Workshop] [Extended CDK Workshop](https://catalog.us-east-1.prod.workshops.aws/workshops/071bbc60-6c1f-47b6-8c66-e84f5dc96b3f/en-US)
 - [Workshop] [Automating your workload deployments in AWS Local Zones](https://catalog.workshops.aws/localzone-cdk/en-US)
 - [Blogpost] [Using AWS CloudFormation and AWS Cloud Development Kit to provision multicloud resources](https://aws.amazon.com/blogs/devops/using-aws-cloudformation-and-aws-cloud-development-kit-to-provision-multicloud-resources/)
 
@@ -6,6 +6,7 @@ change-return-type:@aws-cdk/cloud-assembly-schema.Manifest.load
 # Adding any new context queries will add to the ContextQueryProperties type,
 # which changes the signature of MissingContext.
 weakened:@aws-cdk/cloud-assembly-schema.MissingContext
+weakened:aws-cdk-lib.cloud_assembly_schema.MissingContext
 
 removed:@aws-cdk/core.BootstraplessSynthesizer.DEFAULT_ASSET_PUBLISHING_ROLE_ARN
 removed:@aws-cdk/core.DefaultStackSynthesizer.DEFAULT_ASSET_PUBLISHING_ROLE_ARN
 
@@ -178,12 +178,12 @@ customerDS.createResolver('MutationRemoveCustomer', {
   responseMappingTemplate: MappingTemplate.dynamoDbResultItem(),
 });
 
-const ops = [
-  { suffix: 'Eq', op: KeyCondition.eq },
-  { suffix: 'Lt', op: KeyCondition.lt },
-  { suffix: 'Le', op: KeyCondition.le },
-  { suffix: 'Gt', op: KeyCondition.gt },
-  { suffix: 'Ge', op: KeyCondition.ge },
+const ops: Array<{ suffix: string; op: (x: string, y: string) => KeyCondition }> = [
+  { suffix: 'Eq', op: (x, y) => KeyCondition.eq(x, y) },
+  { suffix: 'Lt', op: (x, y) => KeyCondition.lt(x, y) },
+  { suffix: 'Le', op: (x, y) => KeyCondition.le(x, y) },
+  { suffix: 'Gt', op: (x, y) => KeyCondition.gt(x, y) },
+  { suffix: 'Ge', op: (x, y) => KeyCondition.ge(x, y) },
 ];
 for (const { suffix, op } of ops) {
   orderDS.createResolver(`QueryGetCustomerOrders${suffix}`, {
 
@@ -1067,6 +1067,8 @@ export class Cluster extends ClusterBase {
 
   private readonly _kubectlProvider?: IKubectlProvider;
 
+  private readonly _clusterAdminAccess?: AccessEntry;
+
   /**
    * Initiates an EKS Cluster with the supplied arguments
    *
@@ -1279,11 +1281,7 @@ export class Cluster extends ClusterBase {
 
       // give the handler role admin access to the cluster
       // so it can deploy/query any resource.
-      this.grantAccess('ClusterAdminRoleAccess', this._kubectlProvider?.role!.roleArn, [
-        AccessPolicy.fromAccessPolicyName('AmazonEKSClusterAdminPolicy', {
-          accessScopeType: AccessScopeType.CLUSTER,
-        }),
-      ]);
+      this._clusterAdminAccess = this.grantClusterAdmin('ClusterAdminRoleAccess', this._kubectlProvider?.role!.roleArn);
     }
 
     // do not create a masters role if one is not provided. Trusting the accountRootPrincipal() is too permissive.
@@ -1351,6 +1349,32 @@ export class Cluster extends ClusterBase {
     this.addToAccessEntry(id, principal, accessPolicies);
   }
 
+  /**
+   * Grants the specified IAM principal cluster admin access to the EKS cluster.
+   *
+   * This method creates an `AccessEntry` construct that grants the specified IAM principal the cluster admin
+   * access permissions. This allows the IAM principal to perform the actions permitted
+   * by the cluster admin acces.
+   *
+   * @param id - The ID of the `AccessEntry` construct to be created.
+   * @param principal - The IAM principal (role or user) to be granted access to the EKS cluster.
+   * @returns the access entry construct
+   */
+  @MethodMetadata()
+  public grantClusterAdmin(id: string, principal: string): AccessEntry {
+    const newEntry = new AccessEntry(this, id, {
+      principal,
+      cluster: this,
+      accessPolicies: [
+        AccessPolicy.fromAccessPolicyName('AmazonEKSClusterAdminPolicy', {
+          accessScopeType: AccessScopeType.CLUSTER,
+        }),
+      ],
+    });
+    this.accessEntries.set(principal, newEntry);
+    return newEntry;
+  }
+
   /**
    * Fetch the load balancer address of a service of type 'LoadBalancer'.
    *
@@ -1730,13 +1754,19 @@ export class Cluster extends ClusterBase {
       },
     });
 
-    new KubernetesPatch(this, 'CoreDnsComputeTypePatch', {
+    const k8sPatch = new KubernetesPatch(this, 'CoreDnsComputeTypePatch', {
       cluster: this,
       resourceName: 'deployment/coredns',
       resourceNamespace: 'kube-system',
       applyPatch: renderPatch(CoreDnsComputeType.FARGATE),
       restorePatch: renderPatch(CoreDnsComputeType.EC2),
     });
+
+    // In Patch deletion, it needs to apply the restore patch to the cluster
+    // So the cluster admin access can only be deleted after the patch
+    if (this._clusterAdminAccess) {
+      k8sPatch.node.addDependency(this._clusterAdminAccess);
+    }
   }
 }
 
 
@@ -633,7 +633,7 @@ function getPossibleAmiTypes(instanceTypes: InstanceType[]): NodegroupAmiType[]
   const architectures: Set<AmiArchitecture> = new Set(instanceTypes.map(typeToArch));
 
   if (architectures.size === 0) { // protective code, the current implementation will never result in this.
-    throw new Error(`Cannot determine any ami type compatible with instance types: ${instanceTypes.map(i => i.toString).join(', ')}`);
+    throw new Error(`Cannot determine any ami type compatible with instance types: ${instanceTypes.map(i => i.toString()).join(', ')}`);
   }
 
   if (architectures.size > 1) {
Original file line number	Diff line number	Diff line change
`@@ -633,7 +633,7 @@ function getPossibleAmiTypes(instanceTypes: InstanceType[]): NodegroupAmiType[]`
`633`	`633`	`const architectures: Set<AmiArchitecture> = new Set(instanceTypes.map(typeToArch));`
`634`	`634`
`635`	`635`	`if (architectures.size === 0) { // protective code, the current implementation will never result in this.`
`636`		- throw new Error(`Cannot determine any ami type compatible with instance types: ${instanceTypes.map(i => i.toString).join(', ')}`);
	`636`	+ throw new Error(`Cannot determine any ami type compatible with instance types: ${instanceTypes.map(i => i.toString()).join(', ')}`);
`637`	`637`	`}`
`638`	`638`
`639`	`639`	`if (architectures.size > 1) {`