Skip to content

feat(cdk): Upgrade to aws-cdk-lib 2.250 and graduated eks_v2#922

Merged
ybezsonov merged 1 commit into
mainfrom
chore/cdk-2.260-eks-v2-cdknag-3
Jul 2, 2026
Merged

feat(cdk): Upgrade to aws-cdk-lib 2.250 and graduated eks_v2#922
ybezsonov merged 1 commit into
mainfrom
chore/cdk-2.260-eks-v2-cdknag-3

Conversation

@ybezsonov

Copy link
Copy Markdown
Contributor

Move infra/cdk to the highest CDK baseline that keeps cdk-nag suppressions working, and off the deprecated EKS alpha module.

  • Bump aws-cdk-lib 2.235.0 -> 2.250.0 (highest before the native Validations framework in 2.251 breaks cdk-nag 2.x suppression).
  • Drop the deprecated eks-v2-alpha module and repoint imports to the graduated stable software.amazon.awscdk.services.eks_v2 package.
  • Add appliesTo evidence to the IAM4/IAM5 nag suppressions so they actually suppress under the current CDK CLI (a bare rule id does not).
  • Document the version ceiling and the concrete update trigger in infra/cdk/NAG.md.
  • Update the workshop IAM policy resource id.

Verified: cdk synth passes with 0 cdk-nag findings under the latest CLI.

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Move infra/cdk to the highest CDK baseline that keeps cdk-nag
suppressions working, and off the deprecated EKS alpha module.

- Bump aws-cdk-lib 2.235.0 -> 2.250.0 (highest before the native
  Validations framework in 2.251 breaks cdk-nag 2.x suppression).
- Drop the deprecated eks-v2-alpha module and repoint imports to the
  graduated stable software.amazon.awscdk.services.eks_v2 package.
- Add appliesTo evidence to the IAM4/IAM5 nag suppressions so they
  actually suppress under the current CDK CLI (a bare rule id does not).
- Document the version ceiling and the concrete update trigger in
  infra/cdk/NAG.md.
- Update the workshop IAM policy resource id.

Verified: cdk synth passes with 0 cdk-nag findings under the latest CLI.
@ybezsonov ybezsonov merged commit c3ddabf into main Jul 2, 2026
49 checks passed
@ybezsonov ybezsonov deleted the chore/cdk-2.260-eks-v2-cdknag-3 branch July 2, 2026 17:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant