- Add Amazon-provided IPv6 /56 CIDR block with auto-carved /64 per subnet
- Add Egress-Only Internet Gateway for free IPv6 outbound from private subnets
- Add IPv6 routes: public subnets via IGW, private subnets via EOIGW
- Add IPv6 NACL entries for subnet tier 2
- Add DynamoDB gateway endpoint (free, alongside existing S3)
- Add 6 interface endpoints: ECR, ECR Docker, CloudWatch Logs, STS,
Secrets Manager, SSM with shared security group
- Add enableIpv6 prop (default true) and interfaceEndpoints config
- Update VPC stack with context params for all new features
- Include design doc and implementation plan
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove duplicate shebang, set -e, and redundant SSM agent install from user data
script so cfn-signal always runs (root cause of "0 SUCCESS signals" deploy failure)
- Remove DNS record creation from service stack's configureBlueGreenDns() to avoid
CloudFormation conflicts with the persistent ALB stack that owns those records
- Replace readonly type assertion hacks with direct property assignments on 6 ALB/listener fields
- Change default health check path from /health to / for universal compatibility
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix HTTP listener in spicy-alb.ts missing default action when no certificate
is provided, which would cause CDK synth to fail
- Auto-import numberOfAzs from VPC stack exports (NumberOfAZs) in cluster,
service, and ALB stacks when not provided via context
- Fix CDK_SYNTH_EXAMPLES.md ALB examples using raw vpcId/subnetIds that don't
match the actual fromContext() implementation (requires clusterName)
- Fix docs overstating "only clusterName required" to list actual required params
- Remove package-lock.json and add to .gitignore (project uses pnpm)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
