aws · KollaAdithya · Feb 17, 2023 · Feb 23, 2023 · Feb 24, 2023 · Feb 24, 2023
diff --git a/packages/@aws-cdk/aws-ecs/lib/cluster.ts b/packages/@aws-cdk/aws-ecs/lib/cluster.ts
@@ -14,6 +14,7 @@ import { InstanceDrainHook } from './drain-hook/instance-drain-hook';
 import { ECSMetrics } from './ecs-canned-metrics.generated';
 import { CfnCluster, CfnCapacityProvider, CfnClusterCapacityProviderAssociations } from './ecs.generated';
 
+const CLUSTER_SYMBOL = Symbol.for('@aws-cdk/aws-ecs/lib/cluster.Cluster');
 
 /**
  * The properties used to define an ECS cluster.

diff --git a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md
@@ -47,6 +47,9 @@ Flags come in three types:
 | [@aws-cdk/aws-rds:databaseProxyUniqueResourceName](#aws-cdkaws-rdsdatabaseproxyuniqueresourcename) | Use unique resource name for Database Proxy | 2.65.0 | (fix) |
 | [@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId](#aws-cdkaws-apigatewayauthorizerchangedeploymentlogicalid) | Include authorizer configuration in the calculation of the API deployment logical ID. | 2.66.0 | (fix) |
 | [@aws-cdk/aws-ecs:addSecurityGroupToAsgCapacityProviders](#aws-cdkaws-ecsaddsecuritygrouptoasgcapacityproviders) | Add security group through "configureAutoScalingGroup" | V2NEXT | (default) |
+| [@aws-cdk/aws-ec2:launchTemplateDefaultUserData](#aws-cdkaws-ec2launchtemplatedefaultuserdata) | Define user data for a launch template by default when a machine image is provided. | 2.67.0 | (fix) |
+| [@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments](#aws-cdkaws-secretsmanageruseattachedsecretresourcepolicyforsecrettargetattachments) | SecretTargetAttachments uses the ResourcePolicy of the attached Secret. | 2.67.0 | (fix) |
+| [@aws-cdk/aws-redshift:columnId](#aws-cdkaws-redshiftcolumnid) | Whether to use an ID to track Redshift column changes | V2NEXT | (fix) |
 
 <!-- END table -->
 
@@ -850,14 +853,64 @@ reconfigured and lose connectivity to the ECS cluster. This feature flag enables
 
 If this flag is not set, cluster.addAsgCapacityProvider() does not correctly configure the autoscaling group's
 Security Groups to work with the ECS cluster. If the flag is set, the ASG is correctly configured.
+### @aws-cdk/aws-ec2:launchTemplateDefaultUserData
+
+*Define user data for a launch template by default when a machine image is provided.* (fix)
+
+The ec2.LaunchTemplate construct did not define user data when a machine image is
+provided despite the document. If this is set, a user data is automatically defined
+according to the OS of the machine image.
+
+
+| Since | Default | Recommended |
+| ----- | ----- | ----- |
+| (not in v1) |  |  |
+| 2.67.0 | `false` | `true` |
+
+
+### @aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments
+
+*SecretTargetAttachments uses the ResourcePolicy of the attached Secret.* (fix)
+
+Enable this feature flag to make SecretTargetAttachments use the ResourcePolicy of the attached Secret.
+SecretTargetAttachments are created to connect a Secret to a target resource. 
+In CDK code, they behave like regular Secret and can be used as a stand-in in most situations.
+Previously, adding to the ResourcePolicy of a SecretTargetAttachment did attempt to create a separate ResourcePolicy for the same Secret.
+However Secrets can only have a single ResourcePolicy, causing the CloudFormation deployment to fail.
+
+When enabling this feature flag for an existing Stack, ResourcePolicies created via a SecretTargetAttachment will need replacement.
+This won't be possible without intervention due to limitation outlined above.
+First remove all permissions granted to the Secret and deploy without the ResourcePolicies.
+Then you can re-add the permissions and deploy again.
 
 
 | Since | Default | Recommended |
 | ----- | ----- | ----- |
 | (not in v1) |  |  |
-| V2NEXT | `true` | `true` |
+| 2.67.0 | `false` | `true` |
+
+
+### @aws-cdk/aws-redshift:columnId
+
+*Whether to use an ID to track Redshift column changes* (fix)
+
+Redshift columns are identified by their `name`. If a column is renamed, the old column
+will be dropped and a new column will be created. This can cause data loss.
+
+This flag enables the use of an `id` attribute for Redshift columns. If this flag is enabled, the
+internal CDK architecture will track changes of Redshift columns through their `id`, rather
+than their `name`. This will prevent data loss when columns are renamed.
 
-**Compatibility with old behavior:** You can use `configureAutoScalingGroup()`, to add secuirty group.
+**NOTE** - Enabling this flag comes at a **risk**. When enabled, update the `id`s of all columns,
+**however** do not change the `names`s of the columns. If the `name`s of the columns are changed during
+initial deployment, the columns will be dropped and recreated, causing data loss. After the initial deployment
+of the `id`s, the `name`s of the columns can be changed without data loss.
+
+
+| Since | Default | Recommended |
+| ----- | ----- | ----- |
+| (not in v1) |  |  |
+| V2NEXT | `false` | `true` |
 
 
 <!-- END details -->