aws
diff --git a/‎.github/workflows/auto-approve-v2-merge-forward.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/auto-approve-v2-merge-forward.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 21 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-apigatewayv2/README.md‎
Lines changed: 7 additions & 1 deletion b/‎packages/@aws-cdk/aws-apigatewayv2/README.md‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts‎
Lines changed: 29 additions & 2 deletions b/‎packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts‎
Lines changed: 29 additions & 2 deletions
diff --git a/‎packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts‎
Lines changed: 24 additions & 0 deletions b/‎packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-applicationautoscaling/lib/step-scaling-policy.ts‎
Lines changed: 1 addition & 1 deletion b/‎packages/@aws-cdk/aws-applicationautoscaling/lib/step-scaling-policy.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/@aws-cdk/aws-appmesh/README.md‎
Lines changed: 38 additions & 0 deletions b/‎packages/@aws-cdk/aws-appmesh/README.md‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-appmesh/lib/index.ts‎
Lines changed: 1 addition & 0 deletions b/‎packages/@aws-cdk/aws-appmesh/lib/index.ts‎
Lines changed: 1 addition & 0 deletions
@@ -1,7 +1,7 @@
 # Automatically approve PRs that merge master forward to v2-main
 #
 # Only does approvals! mergify takes care of the actual merge.
-name: Auto-approve forward merges onto v2-main
+name: Auto-approve automated PRs around CDK v2
 on:
   pull_request:
     types:
@@ -21,6 +21,6 @@ jobs:
       if: >
         github.event.pull_request.user.login == 'aws-cdk-automation'
         && github.event.pull_request.base.ref == 'v2-main'
-        && contains(github.event.pull_request.labels.*.name, 'pr/forward-merge')
+        && contains(github.event.pull_request.labels.*.name, 'pr/auto-approve')
       with:
         github-token: "${{ secrets.GITHUB_TOKEN }}"
@@ -2,6 +2,27 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.85.0](https://github.com/aws/aws-cdk/compare/v1.84.0...v1.85.0) (2021-01-14)
+
+* **s3-deployment**: This version includes an important update, please upgrade to prevent deployment failure. This is in prepartion of Lambda deperaction of the request module in boto, more details are available in [AWS blog](https://aws.amazon.com/blogs/compute/upcoming-changes-to-the-python-sdk-in-aws-lambda/). Note, users of versions < `1.81.0` will not be impacted by this deprecation, but are still encoraged to upgrade to the latest version.
+
+
+### Features
+
+* **apigatewayv2:** http api - disable execute api endpoint ([#12426](https://github.com/aws/aws-cdk/issues/12426)) ([1724da7](https://github.com/aws/aws-cdk/commit/1724da758666ec92f7b923c899d2f2f439083ba2)), closes [#12241](https://github.com/aws/aws-cdk/issues/12241)
+* **appmesh:** add listener TLS certificates for VirtualNodes and VirtualGateways ([#11863](https://github.com/aws/aws-cdk/issues/11863)) ([175a257](https://github.com/aws/aws-cdk/commit/175a2570465d484aa0a73a7bded34e686da493ed)), closes [#10051](https://github.com/aws/aws-cdk/issues/10051)
+* **cfnspec:** CloudFormation resource specification update to v23.0.0 ([#12490](https://github.com/aws/aws-cdk/issues/12490)) ([a7a2236](https://github.com/aws/aws-cdk/commit/a7a2236367f8f01b00b6d90f1d3fe7bf674b1aee))
+
+
+### Bug Fixes
+
+* **appsync:** rds data source configured with cluster arn ([#12255](https://github.com/aws/aws-cdk/issues/12255)) ([d0305f3](https://github.com/aws/aws-cdk/commit/d0305f33da41ce1f07a5d571eb21c0ee9ea852d0)), closes [#11536](https://github.com/aws/aws-cdk/issues/11536)
+* **aws-ecs:** Support configuring Windows capacity for cluster ASGs ([#12365](https://github.com/aws/aws-cdk/issues/12365)) ([6d9a0f1](https://github.com/aws/aws-cdk/commit/6d9a0f1ea0c05e7902ccca4d0fc4040e688846e5))
+* **eks:** aws-node-termination-handler incorrectly deployed to on-demand instances as well ([#12369](https://github.com/aws/aws-cdk/issues/12369)) ([05c0b5f](https://github.com/aws/aws-cdk/commit/05c0b5f5a31c3fe89c47c6db8d9051f7165641a9)), closes [#12368](https://github.com/aws/aws-cdk/issues/12368)
+* **s3:** Bucket.grantWrite() no longer adds s3:PutObject* permission ([#12391](https://github.com/aws/aws-cdk/issues/12391)) ([cd437cf](https://github.com/aws/aws-cdk/commit/cd437cf630266086a3ddf9e326f215b5d1acdfd7))
+* **s3-deployment:** stop using deprecated API's that will cause breakage post 01/31/21 ([#12491](https://github.com/aws/aws-cdk/issues/12491)) ([f50f928](https://github.com/aws/aws-cdk/commit/f50f92880bbc219c331c858eaace712e0757507d))
+* **sns:** require topic name for fifo topic [#12386](https://github.com/aws/aws-cdk/issues/12386) ([#12437](https://github.com/aws/aws-cdk/issues/12437)) ([37d8ccc](https://github.com/aws/aws-cdk/commit/37d8ccc763f532999bc9f114264f3d29725b0f28))
+
 ## [1.84.0](https://github.com/aws/aws-cdk/compare/v1.83.0...v1.84.0) (2021-01-12)
 
 
 
@@ -95,7 +95,13 @@ httpApi.addRoutes({
 });
 ```
 
-The URL to the endpoint can be retrieved via the `apiEndpoint` attribute.
+The URL to the endpoint can be retrieved via the `apiEndpoint` attribute. By default this URL is enabled for clients. Use `disableExecuteApiEndpoint` to disable it.
+
+```ts
+const httpApi = new HttpApi(stack, 'HttpApi', {
+  disableExecuteApiEndpoint: true,
+});
+```
 
 The `defaultIntegration` option while defining HTTP APIs lets you create a default catch-all integration that is
 matched when a client reaches a route that is not explicitly defined.
 
@@ -128,6 +128,15 @@ export interface HttpApiProps {
    * @default - no default domain mapping configured. meaningless if `createDefaultStage` is `false`.
    */
   readonly defaultDomainMapping?: DefaultDomainMappingOptions;
+
+  /**
+   * Specifies whether clients can invoke your API using the default endpoint.
+   * By default, clients can invoke your API with the default
+   * `https://{api_id}.execute-api.{region}.amazonaws.com` endpoint. Enable
+   * this if you would like clients to use your custom domain name.
+   * @default false execute-api endpoint enabled.
+   */
+  readonly disableExecuteApiEndpoint?: boolean;
 }
 
 /**
@@ -283,17 +292,24 @@ export class HttpApi extends HttpApiBase {
    */
   public readonly httpApiName?: string;
   public readonly httpApiId: string;
-  public readonly apiEndpoint: string;
+
+  /**
+   * Specifies whether clients can invoke this HTTP API by using the default execute-api endpoint.
+   */
+  public readonly disableExecuteApiEndpoint?: boolean;
 
   /**
    * default stage of the api resource
    */
   public readonly defaultStage: HttpStage | undefined;
 
+  private readonly _apiEndpoint: string;
+
   constructor(scope: Construct, id: string, props?: HttpApiProps) {
     super(scope, id);
 
     this.httpApiName = props?.apiName ?? id;
+    this.disableExecuteApiEndpoint = props?.disableExecuteApiEndpoint;
 
     let corsConfiguration: CfnApi.CorsProperty | undefined;
     if (props?.corsPreflight) {
@@ -324,11 +340,12 @@ export class HttpApi extends HttpApiBase {
       protocolType: 'HTTP',
       corsConfiguration,
       description: props?.description,
+      disableExecuteApiEndpoint: this.disableExecuteApiEndpoint,
     };
 
     const resource = new CfnApi(this, 'Resource', apiProps);
     this.httpApiId = resource.ref;
-    this.apiEndpoint = resource.attrApiEndpoint;
+    this._apiEndpoint = resource.attrApiEndpoint;
 
     if (props?.defaultIntegration) {
       new HttpRoute(this, 'DefaultRoute', {
@@ -357,6 +374,16 @@ export class HttpApi extends HttpApiBase {
     }
   }
 
+  /**
+   * Get the default endpoint for this API.
+   */
+  public get apiEndpoint(): string {
+    if (this.disableExecuteApiEndpoint) {
+      throw new Error('apiEndpoint is not accessible when disableExecuteApiEndpoint is set to true.');
+    }
+    return this._apiEndpoint;
+  }
+
   /**
    * Get the URL to the default stage of this API.
    * Returns `undefined` if `createDefaultStage` is unset.
 
@@ -215,6 +215,19 @@ describe('HttpApi', () => {
     });
   });
 
+  test('disableExecuteApiEndpoint is enabled', () => {
+    const stack = new Stack();
+    new HttpApi(stack, 'api', {
+      disableExecuteApiEndpoint: true,
+    });
+
+    expect(stack).toHaveResource('AWS::ApiGatewayV2::Api', {
+      Name: 'api',
+      ProtocolType: 'HTTP',
+      DisableExecuteApiEndpoint: true,
+    });
+  });
+
   test('can add a vpc links', () => {
     // GIVEN
     const stack = new Stack();
@@ -261,6 +274,17 @@ describe('HttpApi', () => {
     expect(api.apiEndpoint).toBeDefined();
   });
 
+  test('throws when accessing apiEndpoint and disableExecuteApiEndpoint is true', () => {
+    const stack = new Stack();
+    const api = new HttpApi(stack, 'api', {
+      disableExecuteApiEndpoint: true,
+    });
+
+    expect(() => api.apiEndpoint).toThrow(
+      /apiEndpoint is not accessible when disableExecuteApiEndpoint is set to true./,
+    );
+  });
+
   test('apiEndpoint for imported', () => {
     const stack = new Stack();
     const api = HttpApi.fromHttpApiAttributes(stack, 'imported', { httpApiId: 'api-1234' });
 
@@ -57,7 +57,7 @@ export interface StepScalingPolicyProps extends BasicStepScalingPolicyProps {
 }
 
 /**
- * Define a acaling strategy which scales depending on absolute values of some metric.
+ * Define a scaling strategy which scales depending on absolute values of some metric.
  *
  * You can specify the scaling behavior for various values of the metric.
  *
 
@@ -241,6 +241,44 @@ The `backends` property can be added with `node.addBackend()`. We define a virtu
 
 The `backendsDefaultClientPolicy` property are added to the node while creating the virtual node. These are virtual node's service backends client policy defaults.
 
+## Adding TLS to a listener
+
+The `tlsCertificate` property can be added to a Virtual Node listener or Virtual Gateway listener to add TLS configuration. 
+A certificate from AWS Certificate Manager can be incorporated or a customer provided certificate can be specified with a `certificateChain` path file and a `privateKey` file path.
+
+```typescript
+import * as certificatemanager from '@aws-cdk/aws-certificatemanager';
+
+// A Virtual Node with listener TLS from an ACM provided certificate
+const cert = new certificatemanager.Certificate(this, 'cert', {...});
+
+const node = new appmesh.VirtualNode(stack, 'node', {
+  mesh,
+  dnsHostName: 'node',
+  listeners: [appmesh.VirtualNodeListener.grpc({
+    port: 80,
+    tlsCertificate: appmesh.TlsCertificate.acm({
+      certificate: cert,
+      tlsMode: TlsMode.STRICT,
+    }),
+  })],
+});
+
+// A Virtual Gateway with listener TLS from a customer provided file certificate
+const gateway = new appmesh.VirtualGateway(this, 'gateway', {
+  mesh: mesh,
+  listeners: [appmesh.VirtualGatewayListener.grpc({
+    port: 8080,
+    tlsCertificate: appmesh.TlsCertificate.file({
+      certificateChain: 'path/to/certChain',
+      privateKey: 'path/to/privateKey',
+      tlsMode: TlsMode.STRICT,
+    }),
+  })],
+  virtualGatewayName: 'gateway',
+});
+```
+
 ## Adding a Route
 
 A `route` is associated with a virtual router, and it's used to match requests for a virtual router and distribute traffic accordingly to its associated virtual nodes.
 
@@ -5,6 +5,7 @@ export * from './route';
 export * from './service-discovery';
 export * from './route-spec';
 export * from './shared-interfaces';
+export * from './tls-certificate';
 export * from './virtual-node';
 export * from './virtual-router';
 export * from './virtual-router-listener';
Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@ export interface StepScalingPolicyProps extends BasicStepScalingPolicyProps {`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`/**`
`60`		`- * Define a acaling strategy which scales depending on absolute values of some metric.`
	`60`	`+ * Define a scaling strategy which scales depending on absolute values of some metric.`
`61`	`61`	`*`
`62`	`62`	`* You can specify the scaling behavior for various values of the metric.`
`63`	`63`	`*`