Index
- TL;DR
- A Message of Gratitude
- Major Features
- CDK Mixins - Developer Preview
- AI-Powered Development
- Service L2 Constructs
- Community Highlights
- Community Meetings
- Community Generated Content
- Content from AWS
- How Can You Be Involved
TL;DR
As we close out 2025, we're filled with gratitude for our incredible CDK community! This year brought exciting updates: CDK Mixins in developer preview, the AWS IaC MCP Server for AI-powered assistance, comprehensive EC2 Image Builder L2 support, Bedrock AgentCore constructs, and powerful new patterns like L1 constructs accepting other constructs as parameters. We've seen amazing contributions from our community (both internal AWS and external), launched new Grants patterns, added L2 constructs for Lambda Managed Instances, Lambda durable functions, Lambda multi-tenancy, Route53 failover routing, DynamoDB compound keys for GSIs, VPC Endpoints for ACM/ACM-PCA, and so much more. Thank you for making CDK better every day!
A Message of Gratitude
As we wrap up 2025, we want to take a moment to thank our amazing CDK community. This year has been extraordinary—not just because of the features we've shipped, but because of the incredible people who make CDK what it is.
To our external contributors: You've submitted PRs, filed issues, answered questions, and built amazing things with CDK. Your contributions—from major L2 constructs to small bug fixes—make CDK better for everyone. Thank you for your time, expertise, and dedication.
To our community members: Whether you're asking questions on Stack Overflow, sharing knowledge on Slack, or helping others in GitHub Discussions, you're building the welcoming, collaborative community that makes CDK special.
As we head into the holidays, we're grateful for each of you. Here's to an amazing 2026! 🎄✨
Major Features
CDK Mixins - Developer Preview
CDK Mixins fundamentally transform how you compose and reuse infrastructure abstractions. Apply sophisticated features to any construct—L1, L2, or custom—without being locked into specific implementations.
import { Mixins } from '@aws-cdk/mixins-preview';
import '@aws-cdk/mixins-preview/with';
import { EncryptionAtRest, AutoDeleteObjects } from '@aws-cdk/mixins-preview/aws-s3/mixins';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as logs from 'aws-cdk-lib/aws-logs';
// Fluent syntax
const bucket = new s3.CfnBucket(this, 'Bucket')
.with(new EncryptionAtRest())
.with(new AutoDeleteObjects());
// Cross-service abstractions
const logGroup = new logs.CfnLogGroup(this, 'LogGroup');
Mixins.of(logGroup).apply(new EncryptionAtRest());
// Apply at scale
Mixins.of(this).apply(new EncryptionAtRest());
Vended Log Deliveries - Automatically configure log delivery for 47+ AWS resources:
import { LogDelivery } from '@aws-cdk/mixins-preview';
// Automatically configure S3 bucket logging
const bucket = new s3.CfnBucket(this, 'Bucket');
Mixins.of(bucket).apply(new LogDelivery());
EventBridge Event Patterns
Helpers to generate type-safe EventBridge event patterns for 26 services:
import { BucketEvents } from '@aws-cdk/mixins-preview/aws-s3/events';
import * as events from 'aws-cdk-lib/aws-events';
import * as targets from 'aws-cdk-lib/aws-events-targets';
// Works with L2 constructs
const bucket = new s3.Bucket(this, 'Bucket');
const bucketEvents = BucketEvents.fromBucket(bucket);
new events.Rule(this, 'Rule', {
eventPattern: bucketEvents.objectCreatedPattern({
object: { key: ['uploads/*'] },
}),
targets: [new targets.LambdaFunction(fn)],
});
// Also works with L1 constructs
const cfnBucket = new s3.CfnBucket(this, 'CfnBucket');
const cfnBucketEvents = BucketEvents.fromBucket(cfnBucket);
new events.CfnRule(this, 'CfnRule', {
state: 'ENABLED',
eventPattern: cfnBucketEvents.objectCreatedPattern(),
targets: [{ arn: fn.functionArn, id: 'Target' }],
});
New Grants Pattern
Simplified permission management with dedicated grant classes! Now available for S3, DynamoDB, Step Functions, and Route53.
// S3
bucket.grants.read(role);
bucket.grants.write(role);
// DynamoDB
table.grants.readData(role);
table.grants.writeData(role);
table.streamGrants.read(role);
// Step Functions
stateMachine.grants.startExecution(role);
stateMachine.grants.read(role);
// Route53
hostedZone.grants.delegation(role);
Get started: npm install @aws-cdk/mixins-preview
L1 Constructs Accept Constructs as Parameters
Major DX improvement! Pass constructs directly instead of extracting ARNs/IDs for known resource relationships.
// Before
new lambda.CfnFunction(this, 'Function', {
role: role.roleArn, // Manual extraction
});
// After
new lambda.CfnFunction(this, 'Function', {
role: role, // Pass construct directly!
});
This pattern works across all L1 constructs, making your code cleaner and more intuitive.
AI-Powered Development
AWS IaC MCP Server
The AWS IaC MCP Server brings Model Context Protocol to your CDK workflow, integrating with AI assistants like Amazon Q Developer, Claude Desktop, Cursor, and VS Code.
Features:
- Build CDK with latest documentation, API references, and best practices
- Find CDK code samples across TypeScript, Python, Java, C#, Go
- Validate CloudFormation templates with cfn-lint
- Check compliance with cfn-guard
- Troubleshoot deployments with pattern matching
Configuration (~/.aws/amazonq/mcp.json):
{
"mcpServers": {
"awslabs.aws-iac-mcp-server": {
"command": "uvx",
"args": ["awslabs.aws-iac-mcp-server@latest"],
"env": {
"AWS_PROFILE": "your-named-profile"
}
}
}
}
Service L2 Constructs
EC2 Image Builder (Alpha)
Comprehensive L2 support for EC2 Image Builder with constructs for components, recipes, pipelines, workflows, and lifecycle policies!
import * as imagebuilder from '@aws-cdk/aws-imagebuilder-alpha';
const component = new imagebuilder.Component(this, 'Component', {
platform: imagebuilder.Platform.LINUX,
data: imagebuilder.ComponentData.fromAsset(this, 'ComponentAsset', 'component.yaml'),
});
const recipe = new imagebuilder.ImageRecipe(this, 'Recipe', {
parentImage: 'ami-12345678',
components: [component],
});
const pipeline = new imagebuilder.ImagePipeline(this, 'Pipeline', {
imageRecipe: recipe,
infrastructureConfiguration,
schedule: imagebuilder.Schedule.cron({ hour: '0', minute: '0' }),
});
const lifecycle = new imagebuilder.LifecyclePolicy(this, 'Lifecycle', {
resources: [imagebuilder.LifecycleResource.AMI],
rules: [{
action: imagebuilder.LifecycleAction.DELETE,
selection: {
type: imagebuilder.SelectionType.AGE,
value: 90,
unit: imagebuilder.TimeUnit.DAYS,
},
}],
});
Bedrock AgentCore (Alpha)
Build complete AI agents with runtime, gateway, memory, and tool integrations!
Runtime - Container-based agent execution with ECR and image URI support:
import * as agentcore from '@aws-cdk/aws-bedrock-agentcore-alpha';
// From ECR repository
const runtime = new agentcore.Runtime(this, 'Runtime', {
runtimeName: 'my-agent-runtime',
agentRuntimeArtifact: agentcore.AgentRuntimeArtifact.fromEcrRepository(repository, 'v1.0.0'),
});
// From image URI
const runtime2 = new agentcore.Runtime(this, 'Runtime2', {
runtimeName: 'my-agent-runtime-2',
agentRuntimeArtifact: agentcore.AgentRuntimeArtifact.fromImageUri('123456789012.dkr.ecr.us-east-1.amazonaws.com/my-image:latest'),
});
Gateway - Tool integrations with Lambda, OpenAPI, Smithy, and MCP servers:
const gateway = new agentcore.Gateway(this, 'Gateway', {
gatewayName: 'my-gateway',
});
// Add Lambda target
gateway.addLambdaTarget('LambdaTarget', {
gatewayTargetName: 'my-lambda-target',
lambdaFunction: myFunction,
toolSchema: agentcore.ToolSchema.fromAsset('schema.json'),
});
// Add MCP server target
gateway.addMcpServerTarget('McpTarget', {
gatewayTargetName: 'my-mcp-server',
endpoint: 'https://my-mcp-server.example.com',
});
Memory, Browser & Code Interpreter:
const memory = new agentcore.Memory(this, 'Memory', {
memoryName: 'conversation-memory',
});
const browser = new agentcore.Browser(this, 'Browser', {
browserName: 'my-browser',
});
const codeInterpreter = new agentcore.CodeInterpreter(this, 'CodeInterpreter', {
codeInterpreterName: 'my-code-interpreter',
});
Lambda Updates
Lambda Managed Instances - Managed instances for predictable performance:
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
// Create VPC and security group (required)
const vpc = new ec2.Vpc(this, 'MyVpc');
const securityGroup = new ec2.SecurityGroup(this, 'SecurityGroup', { vpc });
// Create capacity provider with scaling configuration
const capacityProvider = new lambda.CapacityProvider(this, 'MyCapacityProvider', {
capacityProviderName: 'my-capacity-provider',
subnets: vpc.privateSubnets,
securityGroups: [securityGroup],
scalingOptions: lambda.ScalingOptions.manual([
lambda.TargetTrackingScalingPolicy.cpuUtilization(70),
]),
instanceTypeFilter: lambda.InstanceTypeFilter.allow([
ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.LARGE),
]),
});
// Create function (runtime must be NODEJS_22_X or newer)
const fn = new lambda.Function(this, 'Function', {
runtime: lambda.Runtime.NODEJS_22_X,
handler: 'index.handler',
code: lambda.Code.fromAsset('lambda'),
});
// Associate function with capacity provider
capacityProvider.addFunction(fn, {
perExecutionEnvironmentMaxConcurrency: 10,
executionEnvironmentMemoryGiBPerVCpu: 4,
});
Pre-provision managed instances for consistent performance and reduced cold starts. Perfect for latency-sensitive workloads that need predictable execution times. Read the blogpost to learn more.
Durable Functions - Build stateful Lambda functions that can pause and resume execution:
const fn = new lambda.Function(this, 'DurableFunction', {
runtime: lambda.Runtime.NODEJS_24_X,
handler: 'index.handler',
code: lambda.Code.fromAsset('lambda'),
durableConfig: {
executionTimeout: Duration.hours(1),
retentionPeriod: Duration.days(30),
},
});
Durable functions automatically get the AWSLambdaBasicDurableExecutionRolePolicy with permissions for lambda:CheckpointDurableExecution and lambda:GetDurableExecutionState.
Multi-Tenancy Support:
const fn = new lambda.Function(this, 'Function', {
runtime: lambda.Runtime.NODEJS_24_X,
handler: 'index.handler',
code: lambda.Code.fromAsset('lambda'),
tenancyConfig: {
tenancyMode: lambda.TenancyMode.DEDICATED,
},
});
ESM Features - Support for ES modules with improved error handling and observability.
New Runtimes:
- Node.js 24.x
- Python 3.14
- Java 25
DynamoDB Compound Keys for Global Secondary Indexes
table.addGlobalSecondaryIndex({
indexName: 'gsi1',
partitionKey: { name: 'gsi1pk', type: dynamodb.AttributeType.STRING },
sortKey: { name: 'gsi1sk', type: dynamodb.AttributeType.STRING },
projectionType: dynamodb.ProjectionType.ALL,
});
Additional Construct Updates
Route53 - Failover routing policy support:
import * as route53 from 'aws-cdk-lib/aws-route53';
new route53.ARecord(this, 'PrimaryRecord', {
zone: hostedZone,
recordName: 'www',
target: route53.RecordTarget.fromIpAddresses('1.2.3.4'),
failover: route53.Failover.PRIMARY,
healthCheck: primaryHealthCheck,
setIdentifier: 'failover-primary',
});
new route53.ARecord(this, 'SecondaryRecord', {
zone: hostedZone,
recordName: 'www',
target: route53.RecordTarget.fromIpAddresses('5.6.7.8'),
failover: route53.Failover.SECONDARY,
setIdentifier: 'failover-secondary',
});
Build highly available DNS configurations with automatic failover between primary and secondary endpoints.
Contributed by: Dave Dennis
EC2 - VPC Endpoints for ACM and ACM-PCA:
import * as ec2 from 'aws-cdk-lib/aws-ec2';
const acmEndpoint = new ec2.InterfaceVpcEndpoint(this, 'AcmEndpoint', {
vpc,
service: ec2.InterfaceVpcEndpointAwsService.CERTIFICATE_MANAGER,
});
const acmPcaEndpoint = new ec2.InterfaceVpcEndpoint(this, 'AcmPcaEndpoint', {
vpc,
service: ec2.InterfaceVpcEndpointAwsService.PRIVATE_CERTIFICATE_AUTHORITY,
});
Enable private connectivity to certificate services without internet gateway routing.
Contributed by: Yuto Anada
API Gateway - Response streaming support:
import * as apigateway from 'aws-cdk-lib/aws-apigateway';
const api = new apigateway.RestApi(this, 'StreamingApi', {
description: "'API with streaming responses',"
});
const integration = new apigateway.LambdaIntegration(streamingFunction, {
responseTransferMode: apigateway.ResponseTransferMode.STREAM,
});
api.root.addMethod('GET', integration);
Stream large responses from Lambda functions through API Gateway for better performance.
Contributed by: Kenta Goto
RDS - Enhanced CloudWatch log exports:
import * as rds from 'aws-cdk-lib/aws-rds';
const instance = new rds.DatabaseInstance(this, 'Database', {
engine: rds.DatabaseInstanceEngine.mysql({
version: rds.MysqlEngineVersion.VER_8_0,
}),
cloudwatchLogsExports: ['error', 'general', 'slow-query', 'iam-db-auth-error'],
instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.MICRO),
vpc,
});
Improved observability with automatic export of IAM database authentication errors to CloudWatch.
Contributed by: Sami Jaktholm
Step Functions - Multiline JSONata string support:
import * as stepfunctions from 'aws-cdk-lib/aws-stepfunctions';
const transformTask = new stepfunctions.Pass(this, 'Transform', {
parameters: {
'TransformedData.$': `
$merge([
$,
{
"timestamp": $now(),
"processed": true
}
])
`,
},
});
Write complex JSONata transformations across multiple lines for better readability.
Contributed by: Mathieu Gilbert
EC2 - Instance metadata configuration:
import * as ec2 from 'aws-cdk-lib/aws-ec2';
const instance = new ec2.Instance(this, 'Instance', {
instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.MICRO),
machineImage: ec2.MachineImage.latestAmazonLinux2(),
vpc,
requireImdsv2: true, // Enforce IMDSv2 for security
httpTokens: ec2.HttpTokens.REQUIRED,
httpPutResponseHopLimit: 1,
});
Enhanced security controls for EC2 instance metadata service configuration.
Contributed by: Pahud Hsieh
Glue - Version 5.1 support:
import * as glue from 'aws-cdk-lib/aws-glue';
const job = new glue.Job(this, 'EtlJob', {
executable: glue.JobExecutable.pythonEtl({
glueVersion: glue.GlueVersion.V5_1,
pythonVersion: glue.PythonVersion.THREE_NINE,
script: glue.Code.fromAsset('scripts/etl.py'),
}),
workerType: glue.WorkerType.G_2X,
workerCount: 10,
});
Latest Glue runtime with improved performance and new features for data processing workflows.
Contributed by: Yuki Matsuda
Community Highlights
Here are our most active external contributors this year:
| Contributor | First Contribution | Latest Contribution | Days Active | Repositories |
|---|---|---|---|---|
| Yuki Matsuda | May 1, 2024 | Nov 26, 2025 | 574 | aws/aws-cdk |
| Kazuho Cryer-Shinozuka | Dec 1, 2023 | Nov 28, 2025 | 727 | aws/aws-cdk |
| Kenta Goto | Sep 27, 2023 | Nov 25, 2025 | 790 | aws/aws-cdk, aws/aws-cdk-cli |
| Hung Tran | Nov 9, 2024 | Nov 26, 2025 | 382 | aws/aws-cdk |
| Michael Sambol | Oct 27, 2023 | Jun 1, 2025 | 583 | aws/aws-cdk |
| Tietew | Dec 25, 2023 | Nov 12, 2025 | 687 | aws/aws-cdk, aws/aws-cdk-cli |
*March 2025* was our most active external contribution month with over *200 unique active members* from the community! 🚀
Community Generated Content
We saw some amazing projects and blogposts created by CDK users to help others learn and improve their CDK skills.
Community Meetings
We held two community meetings so far! Join us on the CDK.dev YouTube channel to watch recordings and follow the community-meetings channel on CDK Slack stay updated on upcoming meetings. The next community meeting will be in January.
Content from AWS
Helpful Resources:
- AWS IaC MCP Server speed up CDK development with AI assistance.
- AWS CDK API Reference
- CDK Workshop Get started on CDK with hands-on learning.
- AWS Solution Constructs contains popular L3 constructs from AWS experts.
- CDK Construct Hub Discover community built constructs.
How Can You Be Involved
Report Issues
Open an issue on GitHub.
Contribute Code
Check our contributing guide and look for good first issue or help wanted labels.
Join the Conversation
- Slack: CDK.dev community
- GitHub: Discussions
-
Stack Overflow:
aws-cdktag
Star the Repo
Give us a star on GitHub! ⭐
Happy Holidays from the CDK Team!
As we close out 2025, we're incredibly grateful for this amazing community. Whether you contributed code, answered questions, filed issues, or simply built cool things with CDK—thank you for being part of our journey.
Here's to an even more amazing 2026! May your deployments be successful and your stacks always converge.
Top comments (0)