(aws-cdk, cli): Allowing Encrypted/Custom String value for CdkBootstrapVersion

[nroshanr]

Describe the feature

CdkBootstrapVersion SSM Parameter currently is an integer value. I'd like CDK to support encrypted value or any string value.

Use Case

Though the CdkBootstrapVersion value is an integer value with no sensitive data, there are cases where customers use automation systems that encrypts unencrypted SSM Parameter values that cause issue when deploying CDK stack.
For example, when the SSM Parameter value is encrypted, the cdk deploy fails with the error:

stack: SSM parameter /cdk-bootstrap/hnb659fds/version not a number: <encrypted_value>

This was pointed out early as well in Issue #30129

Proposed Solution

1. Since the source code performs an AWS SDK call and checks if the value is an integer, the code could check for any string value and ensure that the SSM Parameter exists, rather than forcing it to be an integer value.
2. Alternatively,CdkBootstrapVersion SSM Parameter could be created as SecureString instead of String once it is supported by AWS CloudFormation. Then the SSM GetParameter call can be used with WithDecryption set to True to solve this issue.

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

2.1030.0

Environment details (OS name and version, etc.)

Amazon Linux 2023, TypeScript

[pahud]

Thank you for sharing your use case. Making this a p2 FR and please help us prioritize with 👍