
Praneeta Prakash for AWS


AWS CDK Monthly Update - September 2025


TL;DR

Here is what the AWS CDK team has been up to in September 2025. We're thrilled to introduce CDK Refactor - a game-changing feature that finally lets you reorganize your CDK code while preserving your deployed resources (no more accidental replacements!). We've also expanded our L2 construct library with recent additions for ECS Managed Instances, ElastiCache Serverless, and DocumentDB Serverless, while enhancing CodeBuild with powerful fleet management capabilities. Meanwhile, our amazing community continues to innovate with tools like CDK Express Pipeline GitHub Diff Action for visual PR reviews and CDK Booster for faster Lambda bundling. Let's dive into the details!

Important Announcements

Before diving into the features, here are some important announcements that might affect your CDK projects:

Major Features

CDK Refactor - Preserve Resources While Refactoring Code

CDK Refactor is now available in preview! This feature solves one of the most anxiety-inducing challenges in CDK development - the fear of accidentally replacing your stateful resources when you're simply trying to clean up your code.

What it solves: In the past, when you renamed constructs or moved resources between stacks, CloudFormation would interpret these changes as "destroy and recreate" operations, potentially leading to data loss or service interruptions. This made refactoring CDK code risky and stressful.

How it works: The new cdk refactor command intelligently detects changes in your construct tree and leverages CloudFormation's refactoring capabilities to update logical IDs without replacing the underlying physical resources. Here's a simple example:

Before
App
└─ MyStack
   ├─ Bucket
   ├─ Distribution
   └─ Function

After
App
├─ WebStack
│  ├─ WebsiteOrigin
│  └─ Distribution
└─ MyStack
   └─ Function

cdk refactor --unstable=refactor

With this capability, you can now confidently:

  • Rename constructs without worrying about resource replacement
  • Move resources between stacks as your architecture evolves
  • Extract reusable components to improve code organization
  • Apply software engineering best practices safely to your infrastructure code
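
A pre-deploy check for the scenario above, as an added example that is not part of the original post or the CDK project: it compares two sets of synthesized templates and lists resources that vanished from one stack/logical ID and reappeared unchanged elsewhere, marking the stateful ones. The sample templates, the `STATEFUL` list and the property-equality matching are assumptions (references between renamed resources are ignored); this is not the algorithm `cdk refactor` itself uses.

```typescript
// Added example: constructed templates and a simplified matcher, not cdk refactor's algorithm.
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Templates = Record<string, { Resources: Record<string, Resource> }>;
type Finding = { from: string; to: string | null; type: string; stateful: boolean };
// Types treated as data-bearing here (an assumption; extend for your own estate).
const STATEFUL = ['AWS::S3::Bucket', 'AWS::DynamoDB::Table', 'AWS::RDS::DBInstance'];

// Order-independent fingerprint: resource type plus properties with sorted keys.
function fingerprint(r: Resource): string {
  return JSON.stringify([r.Type, r.Properties || {}], (_k, v) =>
    v && typeof v === 'object' && !Array.isArray(v)
      ? Object.keys(v).sort().reduce((o: Record<string, unknown>, k) => { o[k] = v[k]; return o; }, {})
      : v);
}

// Flatten all stacks into "Stack.LogicalId" -> resource.
function locations(t: Templates): Record<string, Resource> {
  const out: Record<string, Resource> = {};
  for (const stack of Object.keys(t))
    for (const id of Object.keys(t[stack].Resources)) out[stack + '.' + id] = t[stack].Resources[id];
  return out;
}

// A location that vanished either reappears unchanged under a new stack/ID (a move,
// which a plain deploy treats as delete + create) or is a genuine deletion (to: null).
function planMoves(before: Templates, after: Templates): Finding[] {
  const old = locations(before), cur = locations(after);
  const fresh = Object.keys(cur).filter((loc) => !(loc in old));
  const findings: Finding[] = [];
  for (const loc of Object.keys(old)) {
    if (loc in cur) continue;
    const i = fresh.map((f) => fingerprint(cur[f])).indexOf(fingerprint(old[loc]));
    const to = i >= 0 ? fresh.splice(i, 1)[0] : null;
    findings.push({ from: loc, to, type: old[loc].Type, stateful: STATEFUL.indexOf(old[loc].Type) >= 0 });
  }
  return findings;
}

// Constructed templates mirroring the Before/After trees above.
const bucket: Resource = { Type: 'AWS::S3::Bucket', Properties: { VersioningConfiguration: { Status: 'Enabled' } } };
const dist: Resource = { Type: 'AWS::CloudFront::Distribution', Properties: { DistributionConfig: { Enabled: true } } };
const fn: Resource = { Type: 'AWS::Lambda::Function', Properties: { Handler: 'index.handler' } };
const beforeTpl: Templates = { MyStack: { Resources: { Bucket: bucket, Distribution: dist, Function: fn } } };
const afterTpl: Templates = {
  WebStack: { Resources: { WebsiteOrigin: bucket, Distribution: dist } },
  MyStack: { Resources: { Function: fn } },
};
for (const f of planMoves(beforeTpl, afterTpl))
  console.log(`${f.stateful ? 'STATEFUL' : 'stateless'} ${f.type}: ${f.from} -> ${f.to ?? 'DELETED'}`);
```

A stateful entry with a non-null `to` is a move that needs a refactor mapping before deployment; a stateful entry with `to: null` means the resource's definition changed or was removed and deserves review.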

ECS Managed Instances Capacity Provider

We're happy to announce full L2 construct support for ECS Managed Instances. This capability bridges the gap between serverless simplicity and EC2 flexibility, allowing you to specify exactly which instance types you need for specialized workloads.

Here's how to set it up:

declare const vpc: ec2.Vpc;
declare const infrastructureRole: iam.Role;
declare const instanceProfile: iam.InstanceProfile;
declare const securityGroups: ec2.SecurityGroup[];
declare const taskDefinition: ecs.TaskDefinition;

const cluster = new ecs.Cluster(this, 'Cluster', { vpc });

// Create a Managed Instances Capacity Provider
const miCapacityProvider = new ecs.ManagedInstancesCapacityProvider(this, 'MICapacityProvider', {
  infrastructureRole,
  ec2InstanceProfile: instanceProfile,
  subnets: vpc.privateSubnets,
  securityGroups: securityGroups,
  instanceRequirements: {
    vCpuCountMin: 1,
    memoryMin: Size.gibibytes(2),
    cpuManufacturers: [ec2.CpuManufacturer.INTEL],
    acceleratorManufacturers: [ec2.AcceleratorManufacturer.NVIDIA],
  },
  propagateTags: ecs.PropagateManagedInstancesTags.CAPACITY_PROVIDER,
});

// Add the capacity provider to the cluster
cluster.addManagedInstancesCapacityProvider(miCapacityProvider);

new ecs.Ec2Service(this, 'EC2Service', {
  cluster,
  taskDefinition,
  minHealthyPercent: 100,
  capacityProviderStrategies: [
    {
      capacityProvider: miCapacityProvider.capacityProviderName,
      weight: 1,
    },
  ],
});

ElastiCache Serverless L2 Constructs

Setting up Redis, Valkey or Memcached clusters just got a whole lot easier! We've introduced comprehensive L2 constructs for ElastiCache Serverless in the @aws-cdk/aws-elasticache-alpha package, taking care of all the configuration complexity for you.

declare const vpc: ec2.Vpc;

// Create an IAM user that has only write access
const user = new IamUser(this, 'User', {
  userId: "user",
  engine: UserEngine.REDIS,
  accessControl: AccessControl.fromAccessString('on ~* -@all +@write +ping')
});

// Create default NoPasswordUser, since Redis must have default username
const defaultUserNoAccess = new NoPasswordUser(this, 'DefaultUser', {
  userId: "default-user",
  userName: "default",
  engine: UserEngine.REDIS,
  accessControl: AccessControl.fromAccessString('on ~* -@all')
});


// Create ElastiCache user group
const userGroup = new UserGroup(this, 'UserGroup', {
  engine: UserEngine.REDIS,
  users: [defaultUserNoAccess, user],
});

// Create Redis serverless cache
const cache = new ServerlessCache(this, 'test', {
  userGroup,
  serverlessCacheName: 'my-redis-cache',
  description: 'Serverless Redis cache for demo',
  engine: elasticache.CacheEngine.REDIS_7,
  vpc,
});

// Create Lambda function passing needed information to connect with the Cache
const lambdaFunction = new Function(this, 'CacheFunction', {
  environment: {
    CACHE_ENDPOINT: cache.serverlessCacheEndpointAddress,
    CACHE_PORT: cache.serverlessCacheEndpointPort,
    CACHE_NAME: cache.serverlessCacheName,
    USER_NAME: user.userName ?? "",
  },
  runtime: Runtime.NODEJS_LATEST,
  handler: 'cache-handler.handler',
  code: Code.fromAsset(path.join(__dirname, '../lambda')),
  vpc,
  timeout: cdk.Duration.minutes(2),
});

// Give the lambda function the proper permission to call Redis
user.grant(lambdaFunction);
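
The access strings passed to `AccessControl.fromAccessString` above are Redis ACL rules, which are applied left to right. The following is an added example, not code from the original post or from the CDK library: a small auditor that computes the effective grants of an access string and flags broad ones. The function name `auditAccessString` and the `RISKY` category list are assumptions made for this example.

```typescript
// Added example (not from the post): audit a Redis/Valkey ACL access string.
type AclReport = { enabled: boolean; allKeys: boolean; allowed: string[]; denied: string[]; findings: string[] };

// Categories flagged when granted to an application user (an assumption of this example).
const RISKY = ['@all', '@admin', '@dangerous'];

function auditAccessString(access: string): AclReport {
  let enabled = false, allKeys = false, noPass = false;
  let allowed: string[] = [], denied: string[] = [];
  // ACL rules are applied left to right, so later tokens override earlier ones.
  for (const tok of access.trim().split(/\s+/)) {
    if (tok === 'on' || tok === 'off') enabled = tok === 'on';
    else if (tok === 'nopass') noPass = true;
    else if (tok === 'allkeys' || tok === '~*') allKeys = true;
    else if (tok === 'resetkeys') allKeys = false;
    else if (tok === 'allcommands' || tok === '+@all') { allowed = ['@all']; denied = []; }
    else if (tok === 'nocommands' || tok === '-@all') { allowed = []; denied = []; }
    else if (tok[0] === '+' || tok[0] === '-') {
      const name = tok.slice(1).toLowerCase();
      allowed = allowed.filter((n) => n !== name);
      denied = denied.filter((n) => n !== name);
      (tok[0] === '+' ? allowed : denied).push(name);
    }
  }
  const findings: string[] = [];
  if (enabled && allowed.length > 0) {
    for (const cat of RISKY)
      if (allowed.indexOf(cat) >= 0) findings.push('grants ' + cat);
    if (allKeys) findings.push('commands apply to every key (~*)');
    if (noPass) findings.push('nopass: any password is accepted');
  }
  return { enabled, allKeys, allowed, denied, findings };
}

// The two access strings from the post, plus the wide-open form for contrast.
for (const s of ['on ~* -@all +@write +ping', 'on ~* -@all', 'on ~* +@all']) {
  const r = auditAccessString(s);
  console.log(s, '=>', r.allowed.join(' ') || '(no commands)', '|', r.findings.join('; ') || 'no findings');
}
```

For the write-only user the only finding is the `~*` key pattern; narrowing it to an application prefix scopes the write grant to that application's keys.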

DocumentDB Serverless Support

No more overprovisioning or underutilizing your DocumentDB clusters! You can now deploy serverless DocumentDB configurations through our L2 constructs, letting you configure auto-scaling without managing instances.

This straightforward pattern makes it simple:

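declare const vpc: ec2.Vpc;
declare const secret: secretsmanager.Secret;

const cluster = new docdb.DatabaseCluster(this, 'DocumentDbCluster', {
  masterUser: {
    // username must be a plain string, so the SecretValue is unwrapped explicitly
    username: secret.secretValueFromJson('username').unsafeUnwrap(),
    // the password stays a SecretValue
    password: secret.secretValueFromJson('password')
  },
  instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.MEDIUM),
  vpc: vpc,
  instances: 1
});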


CodeBuild Fleet Enhancements

For teams running large-scale CI/CD operations, we've significantly enhanced CodeBuild's fleet management capabilities. These improvements give you much more control over your build infrastructure:

// Create CodeBuild Fleet for large-scale CI/CD
const buildFleet = new codebuild.Fleet(this, 'CiCdFleet', {
  fleetName: 'large-scale-cicd-fleet',
  baseCapacity: 5,
  computeType: codebuild.FleetComputeType.LARGE,
  environmentType: codebuild.EnvironmentType.LINUX_CONTAINER
});

// Create high-performance fleet for critical builds
const performanceFleet = new codebuild.Fleet(this, 'PerformanceFleet', {
  fleetName: 'high-performance-fleet',
  baseCapacity: 2,
  computeType: codebuild.FleetComputeType.X2_LARGE,
  environmentType: codebuild.EnvironmentType.LINUX_CONTAINER
});

RDS Proxy Endpoints

Connection management just got easier with our new L2 construct for RDS Proxy Endpoints. This is particularly valuable for managing read/write splits or creating specialized connection points:

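declare const vpc: ec2.Vpc;
declare const cluster: rds.DatabaseCluster;
declare const secret: secretsmanager.Secret;

// Create RDS Proxy using L2 construct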
const proxy = new rds.DatabaseProxy(this, 'RdsProxy', {
  proxyTarget: rds.ProxyTarget.fromCluster(cluster),
  secrets: [secret],
  vpc: vpc
});

// Create read-only endpoint using L2 construct
const readEndpoint = new rds.DatabaseProxyEndpoint(this, 'ReadOnlyEndpoint', {
  dbProxy: proxy,
  dbProxyEndpointName: 'read-only',
  targetRole: rds.ProxyEndpointTargetRole.READ_ONLY,
  vpc: vpc,
  vpcSubnets: vpc.selectSubnets({ 
    subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS 
  })
});


Community Highlights

Our CDK community continues to create amazing tools that make working with CDK even better. Here are some standout contributions from this month:

Special Recognition

We want to shine a spotlight on some extraordinary external contributors who made significant impacts this month:

  • Hung Tran - Implemented the RDS DatabaseProxyEndpoint L2 construct that many of you have been requesting
  • Kazuho Cryer-Shinozuka - Made multiple significant contributions including CloudFront origins IP address type support, CloudFront origins response completion timeout, Synthetics browser type for canary, Batch ECS execute command, and CodeBuild fleet overflow behavior
  • Ian Kerins - Implemented CodeBuild custom instance type and VPC support for Fleets
  • Tietew - Added Route53 SVCB and HTTPS resource record classes
  • Benoît Durand - Implemented Event Bus Logging Configuration support
  • Kyle Roach - Added support for new Bun lock file
  • Yuki Matsuda - Fixed RDS connections issue in DatabaseInstance.fromLookup
  • Kasra Ghaffari - Made two important StepFunctions fixes: distributed map execution in nested StateGraphs and DistributedMap permissions for run/redrive operations

We're incredibly grateful to these contributors and to everyone who files issues, suggests improvements, and helps make CDK better every day. Thank you!

Content from the Community

CDK Express Pipeline GitHub Diff Action by Rehan van der Merwe

If you've ever struggled with reviewing CDK changes in pull requests, you'll love this tool. Rehan has created an incredible GitHub Action that visualizes CDK diffs directly in your PRs! It runs diffs in parallel, collects outputs from multiple stacks, and filters out noisy resources for much cleaner diffs.

Check it out: CDK Express Pipeline GitHub Diff Action

CDK Booster by Marko (ServerlessLife)

Tired of waiting for Lambda bundling during CDK deployments? Marko has launched CDK Booster, a clever tool that dramatically speeds up AWS CDK bundling of TypeScript/JavaScript Lambdas without requiring any code changes!

Learn more: CDK Booster

Promptz.dev by Christian Bonzalet

While this came out a few months ago, I think this needed a special callout for the CDK rules that make your prompt life much easier! Highly recommend :)

Learn more: Promptz.dev

CDK Environment Management Guide by Thorsten Höger and Kenta Goto

If you're managing multiple environments with CDK, don't miss this excellent deep-dive from Thorsten Höger and Kenta Goto. They've published a comprehensive guide to CDK environment management, exploring the pros and cons of static versus dynamic stack creation patterns.

Learn more: CDK Environment Management: Static vs Dynamic Stack Creation

AWS CDK Tutorial by Rahul Sharma

For those new to CDK or looking to strengthen their fundamentals, Rahul Sharma from SourceFuse has created an excellent tutorial that walks through key concepts and practical implementations. This resource is particularly valuable for developers transitioning from console-based management to Infrastructure as Code with CDK.

Learn more: AWS CDK Tutorial

ACM exportable certificates by Feng He

Hear what Feng He (Principal Solution Eng at Flybuys) has to say about their experience contributing to CDK and saving $15000 per year for their organization.

Content from AWS

This month has been exceptionally productive for AWS teams using CDK across various domains. Here's a roundup of valuable content to help you level up your CDK skills:

Deep Packet Inspection for Streaming Content

For those working with high-value media content, the AWS team has published a comprehensive guide on implementing deep packet inspection for securing streaming content using CDK. The blog includes detailed CDK code examples that you can adapt for your own secure streaming infrastructure.

Read the full article: AWS CDK: Deep packet inspection for securing high-value streaming content in the cloud

Console to Code: Accelerating AWS Infrastructure Deployment

Many teams start by using the AWS Console but struggle with the transition to Infrastructure as Code. This practical guide walks through the journey from manual deployments to automated CDK pipelines, with specific strategies to accelerate the transition.

Learn more: Accelerating AWS infrastructure deployment: A practical guide to console to code

Building GraphQL APIs with AWS AppSync and .NET

.NET developers will appreciate this deep dive into creating GraphQL APIs using AWS AppSync with Direct Lambda Resolvers. The article provides CDK code samples for setting up the entire infrastructure using .NET.

Read more: Building a GraphQL API with AWS AppSync using Direct Lambda Resolvers in .NET

Streamlining Spark Development with Data Solutions Framework

The Data Solutions Framework team has released a guide on simplifying Spark application development on Amazon EMR. This framework uses CDK to provide higher-level abstractions that help data engineers focus on business logic rather than infrastructure details.

Explore more: Streamline Spark application development on Amazon EMR with the Data Solutions Framework on AWS

Amazon ECS Blue/Green Deployments with Lifecycle Hooks

For container enthusiasts, this article explains how to extend deployment pipelines with Amazon ECS Blue/Green deployments and lifecycle hooks. It includes detailed CDK examples for setting up complex deployment workflows.

Dive in: Extending deployment pipelines with Amazon ECS Blue/Green deployments and lifecycle hooks

Creating a Private SageMaker Ground Truth Workforce with CDK

Machine learning practitioners will benefit from this guide on setting up a private workforce for Amazon SageMaker Ground Truth using CDK. It demonstrates how to automate the provisioning of labeling workforces for sensitive ML projects.

Learn more: Create a private workforce on Amazon SageMaker Ground Truth with the AWS CDK

How Can You Be Involved

Contributing to CDK

CDK thrives because of community contributions, and we'd love to have you join in! Here are some ways you can make a difference:

  • Report Issues: Found a bug or have a feature request? Open an issue to help us improve
  • Contribute Code: Looking to get your hands dirty? Check out our good first issues to get started
  • Documentation: Help make CDK more accessible by improving our CDK Guide
  • RFCs: Shape the future of CDK by participating in Request for Comments discussions

Community Engagement

The CDK community is friendly, helpful, and always learning. Join the conversation:

  • CDK Community Slack: Chat with thousands of CDK users and experts at cdk.dev
  • AWS re:Post: Ask questions and share your knowledge on AWS re:Post
  • GitHub Discussions: Dive deep into CDK topics in CDK Discussions

The AWS CDK team is committed to making cloud development more accessible and enjoyable. Keep building amazing things, and we'll keep improving the tools to help you succeed!

Happy coding!
