renamed featureflag

resolved merge conflict

resolved merge conflicts

Author: Maharaj Haider

packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md

@@ -2127,6 +2127,24 @@ The new behavior from this feature will allow a user, for example, to set 1 of t
 | V2NEXT | `false` | `true` |
 
 
+### @aws-cdk/aws-s3:publicAccessBlockedByDefault
+
+*When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined.*
+
+Flag type: Backwards incompatible bugfix
+
+When BlockPublicAccess is not set at all, s3's default behavior will be to set all options to true in aws console. 
+The previous behavior in cdk before this feature was; if only some of the BlockPublicAccessOptions were set (not all 4), then the ones undefined would default to false.
+This is counter intuitive to the console behavior where the options would start in true state and a user would uncheck the boxes as needed.
+The new behavior from this feature will allow a user, for example, to set 1 of the 4 BlockPublicAccessOpsions to false, and on deployment the other 3 will remain true.
+
+
+| Since | Default | Recommended |
+| ----- | ----- | ----- |
+| (not in v1) |  |  |
+| V2NEXT | `false` | `true` |
+
+
 ### @aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway
 
 *When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC.*

packages/aws-cdk-lib/recommended-feature-flags.json

@@ -72,6 +72,6 @@
   "@aws-cdk/aws-dynamodb:retainTableReplica": true,
   "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": true,
   "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions": true,
-  "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": true,
-  "@aws-cdk/aws-s3:publicAccessBlockedByDefault": true
+  "@aws-cdk/aws-s3:publicAccessBlockedByDefault": true,
+  "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": true
 }