diff --git a/pack.sh b/pack.sh
index d270fb28271c5..86c29bacbd48c 100755
--- a/pack.sh
+++ b/pack.sh
@@ -92,8 +92,9 @@ cat > ${distdir}/build.json <<HERE
 }
 HERE
 
-# copy CHANGELOG.md to dist/ for github releases
+# copy CHANGELOG.md and RELEASE_NOTES.md to dist/ for github releases
 cp ${changelog_file} ${distdir}/CHANGELOG.md
+cp RELEASE_NOTES.md ${distdir}/RELEASE_NOTES.md
 
 # defensive: make sure our artifacts don't use the version marker (this means
 # that "pack" will always fails when building in a dev environment)
diff --git a/packages/@aws-cdk/aws-amplify/README.md b/packages/@aws-cdk/aws-amplify/README.md
index a706cb73bb39b..472846ea276b6 100644
--- a/packages/@aws-cdk/aws-amplify/README.md
+++ b/packages/@aws-cdk/aws-amplify/README.md
@@ -55,7 +55,8 @@ const amplifyApp = new amplify.App(this, 'MyApp', {
       },
       artifacts: {
         baseDirectory: 'public',
-        files: '**/*'
+        files:
+        - '**/*'
       }
     }
   })
diff --git a/packages/@aws-cdk/aws-codebuild/README.md b/packages/@aws-cdk/aws-codebuild/README.md
index d4b31c1bf91db..ff73599bca8e4 100644
--- a/packages/@aws-cdk/aws-codebuild/README.md
+++ b/packages/@aws-cdk/aws-codebuild/README.md
@@ -30,7 +30,7 @@ $ npm i @aws-cdk/aws-codebuild
 
 Import it into your code:
 
-```ts
+```ts nofixture
 import * as codebuild from '@aws-cdk/aws-codebuild';
 ```
 
@@ -56,7 +56,6 @@ CodeBuild!`:
 Use an AWS CodeCommit repository as the source of this build:
 
 ```ts
-import * as codebuild from '@aws-cdk/aws-codebuild';
 import * as codecommit from '@aws-cdk/aws-codecommit';
 
 const repository = new codecommit.Repository(this, 'MyRepo', { repositoryName: 'foo' });
@@ -70,10 +69,8 @@ new codebuild.Project(this, 'MyFirstCodeCommitProject', {
 Create a CodeBuild project with an S3 bucket as the source:
 
 ```ts
-import * as codebuild from '@aws-cdk/aws-codebuild';
-import * as s3 from '@aws-cdk/aws-s3';
-
 const bucket = new s3.Bucket(this, 'MyBucket');
+
 new codebuild.Project(this, 'MyProject', {
   source: codebuild.Source.s3({
     bucket: bucket,
@@ -140,7 +137,9 @@ const gitHubSource = codebuild.Source.gitHub({
 CodeBuild Projects can produce Artifacts and upload them to S3. For example:
 
 ```ts
-const project = codebuild.Project(stack, 'MyProject', {
+declare const bucket: s3.Bucket;
+
+const project = new codebuild.Project(this, 'MyProject', {
   buildSpec: codebuild.BuildSpec.fromObject({
     version: '0.2',
   }),
@@ -193,7 +192,7 @@ new codebuild.Project(this, 'Project', {
     owner: 'awslabs',
     repo: 'aws-cdk',
   }),
-  cache: codebuild.Cache.bucket(new Bucket(this, 'Bucket'))
+  cache: codebuild.Cache.bucket(new s3.Bucket(this, 'Bucket'))
 });
 ```
 
@@ -214,7 +213,7 @@ new codebuild.Project(this, 'Project', {
   }),
 
   // Enable Docker AND custom caching
-  cache: codebuild.Cache.local(LocalCacheMode.DOCKER_LAYER, LocalCacheMode.CUSTOM)
+  cache: codebuild.Cache.local(codebuild.LocalCacheMode.DOCKER_LAYER, codebuild.LocalCacheMode.CUSTOM)
 });
 ```
 
@@ -260,6 +259,8 @@ Note that the `WindowsBuildImage` version of the static methods accepts an optio
 which can be either `WindowsImageType.STANDARD`, the default, or `WindowsImageType.SERVER_2019`:
 
 ```ts
+declare const ecrRepository: ecr.Repository;
+
 new codebuild.Project(this, 'Project', {
   environment: {
     buildImage: codebuild.WindowsBuildImage.fromEcrRepository(ecrRepository, 'v1.0', codebuild.WindowsImageType.SERVER_2019),
@@ -269,7 +270,7 @@ new codebuild.Project(this, 'Project', {
       objectKey: 'path/to/cert.pem',
     },
   },
-  ...
+  // ...
 })
 ```
 
@@ -296,7 +297,7 @@ new codebuild.Project(this, 'Project', {
   environment: {
     buildImage: codebuild.LinuxGpuBuildImage.DLC_TENSORFLOW_2_1_0_INFERENCE,
   },
-  ...
+  // ...
 })
 ```
 
@@ -315,7 +316,7 @@ new codebuild.Project(this, 'Project', {
     buildImage: codebuild.LinuxGpuBuildImage.awsDeepLearningContainersImage(
       'tensorflow-inference', '2.1.0-gpu-py36-cu101-ubuntu18.04', '123456789012'),
   },
-  ...
+  // ...
 })
 ```
 
@@ -331,10 +332,9 @@ By default, logs will go to cloudwatch.
 new codebuild.Project(this, 'Project', {
   logging: {
     cloudWatch: {
-      logGroup: new cloudwatch.LogGroup(this, `MyLogGroup`),
+      logGroup: new logs.LogGroup(this, `MyLogGroup`),
     }
   },
-  ...
 })
 ```
 
@@ -347,7 +347,6 @@ new codebuild.Project(this, 'Project', {
       bucket: new s3.Bucket(this, `LogBucket`)
     }
   },
-  ...
 })
 ```
 
@@ -358,7 +357,7 @@ like GitHub:
 
 ```ts
 new codebuild.GitHubSourceCredentials(this, 'CodeBuildGitHubCreds', {
-  accessToken: cdk.SecretValue.secretsManager('my-token'),
+  accessToken: SecretValue.secretsManager('my-token'),
 });
 // GitHub Enterprise is almost the same,
 // except the class is called GitHubEnterpriseSourceCredentials
@@ -368,8 +367,8 @@ and BitBucket:
 
 ```ts
 new codebuild.BitBucketSourceCredentials(this, 'CodeBuildBitBucketCreds', {
-  username: cdk.SecretValue.secretsManager('my-bitbucket-creds', { jsonField: 'username' }),
-  password: cdk.SecretValue.secretsManager('my-bitbucket-creds', { jsonField: 'password' }),
+  username: SecretValue.secretsManager('my-bitbucket-creds', { jsonField: 'username' }),
+  password: SecretValue.secretsManager('my-bitbucket-creds', { jsonField: 'password' }),
 });
 ```
 
@@ -409,8 +408,10 @@ if you'd rather not have those permissions added,
 you can opt out of it when creating the project:
 
 ```ts
+declare const source: codebuild.Source;
+
 const project = new codebuild.Project(this, 'Project', {
-  // ...
+  source,
   grantReportGroupPermissions: false,
 });
 ```
@@ -419,10 +420,13 @@ Alternatively, you can specify an ARN of an existing resource group,
 instead of a simple name, in your buildspec:
 
 ```ts
+declare const source: codebuild.Source;
+
 // create a new ReportGroup
 const reportGroup = new codebuild.ReportGroup(this, 'ReportGroup');
 
 const project = new codebuild.Project(this, 'Project', {
+  source,
   buildSpec: codebuild.BuildSpec.fromObject({
     // ...
     reports: {
@@ -438,6 +442,9 @@ const project = new codebuild.Project(this, 'Project', {
 If you do that, you need to grant the project's role permissions to write reports to that report group:
 
 ```ts
+declare const project: codebuild.Project;
+declare const reportGroup: codebuild.ReportGroup;
+
 reportGroup.grantWrite(project);
 ```
 
@@ -456,8 +463,12 @@ project as a AWS CloudWatch event rule target:
 
 ```ts
 // start build when a commit is pushed
+import * as codecommit from '@aws-cdk/aws-codecommit';
 import * as targets from '@aws-cdk/aws-events-targets';
 
+declare const codeCommitRepository: codecommit.Repository;
+declare const project: codebuild.Project;
+
 codeCommitRepository.onCommit('OnCommit', {
   target: new targets.CodeBuildProject(project),
 });
@@ -469,6 +480,10 @@ To define Amazon CloudWatch event rules for build projects, use one of the `onXx
 methods:
 
 ```ts
+import * as targets from '@aws-cdk/aws-events-targets';
+declare const fn: lambda.Function;
+declare const project: codebuild.Project;
+
 const rule = project.onStateChange('BuildStateChange', {
   target: new targets.LambdaFunction(fn)
 });
@@ -480,7 +495,11 @@ To define CodeStar Notification rules for Projects, use one of the `notifyOnXxx(
 They are very similar to `onXxx()` methods for CloudWatch events:
 
 ```ts
-const target = new chatbot.SlackChannelConfiguration(stack, 'MySlackChannel', {
+import * as chatbot from '@aws-cdk/aws-chatbot';
+
+declare const project: codebuild.Project;
+
+const target = new chatbot.SlackChannelConfiguration(this, 'MySlackChannel', {
   slackChannelConfigurationName: 'YOUR_CHANNEL_NAME',
   slackWorkspaceId: 'YOUR_SLACK_WORKSPACE_ID',
   slackChannelId: 'YOUR_SLACK_CHANNEL_ID',
@@ -495,6 +514,10 @@ CodeBuild Projects can get their sources from multiple places, and produce
 multiple outputs. For example:
 
 ```ts
+import * as codecommit from '@aws-cdk/aws-codecommit';
+declare const repo: codecommit.Repository;
+declare const bucket: s3.Bucket;
+
 const project = new codebuild.Project(this, 'MyProject', {
   secondarySources: [
     codebuild.Source.codeCommit({
@@ -586,6 +609,8 @@ to access the resources that it needs by using the
 For example:
 
 ```ts
+declare const loadBalancer: elbv2.ApplicationLoadBalancer;
+
 const vpc = new ec2.Vpc(this, 'MyVPC');
 const project = new codebuild.Project(this, 'MyProject', {
   vpc: vpc,
@@ -608,7 +633,7 @@ The only supported file system type is `EFS`.
 For example:
 
 ```ts
-new codebuild.Project(stack, 'MyProject', {
+new codebuild.Project(this, 'MyProject', {
   buildSpec: codebuild.BuildSpec.fromObject({
     version: '0.2',
   }),
@@ -635,9 +660,9 @@ It returns an object containing the batch service role that was created,
 or `undefined` if batch builds could not be enabled, for example if the project was imported.
 
 ```ts
-import * as codebuild from '@aws-cdk/aws-codebuild';
+declare const source: codebuild.Source;
 
-const project = new codebuild.Project(this, 'MyProject', { ... });
+const project = new codebuild.Project(this, 'MyProject', { source, });
 
 if (project.enableBatchBuilds()) {
   console.log('Batch builds were enabled');
@@ -652,9 +677,7 @@ The default is 60 minutes.
 An example of overriding the default follows.
 
 ```ts
-import * as codebuild from '@aws-cdk/aws-codebuild';
-
-new codebuild.Project(stack, 'MyProject', {
+new codebuild.Project(this, 'MyProject', {
   timeout: Duration.minutes(90)
 });
 ```
@@ -665,9 +688,7 @@ As an example, to allow your Project to queue for up to thirty (30) minutes befo
 use the following code.
 
 ```ts
-import * as codebuild from '@aws-cdk/aws-codebuild';
-
-new codebuild.Project(stack, 'MyProject', {
+new codebuild.Project(this, 'MyProject', {
   queuedTimeout: Duration.minutes(30)
 });
 ```
@@ -679,9 +700,7 @@ It is possible to limit the maximum concurrent builds to value between 1 and the
 By default there is no explicit limit.
 
 ```ts
-import * as codebuild from '@aws-cdk/aws-codebuild';
-
-new codebuild.Project(stack, 'MyProject', {
+new codebuild.Project(this, 'MyProject', {
   concurrentBuildLimit: 1
 });
 ```
diff --git a/packages/@aws-cdk/aws-codebuild/lib/untrusted-code-boundary-policy.ts b/packages/@aws-cdk/aws-codebuild/lib/untrusted-code-boundary-policy.ts
index 229cb547e7c1f..1a94c521fc08a 100644
--- a/packages/@aws-cdk/aws-codebuild/lib/untrusted-code-boundary-policy.ts
+++ b/packages/@aws-cdk/aws-codebuild/lib/untrusted-code-boundary-policy.ts
@@ -39,7 +39,8 @@ export interface UntrustedCodeBoundaryPolicyProps {
  *
  * @example
  *
- * iam.PermissionsBoundary.of(project).apply(new UntrustedCodeBoundaryPolicy(this, 'Boundary'));
+ * declare const project: codebuild.Project;
+ * iam.PermissionsBoundary.of(project).apply(new codebuild.UntrustedCodeBoundaryPolicy(this, 'Boundary'));
  */
 export class UntrustedCodeBoundaryPolicy extends iam.ManagedPolicy {
   constructor(scope: Construct, id: string, props: UntrustedCodeBoundaryPolicyProps = {}) {
diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink/README.md b/packages/@aws-cdk/aws-kinesisanalytics-flink/README.md
index 5322ff28027f7..830b59a2c7053 100644
--- a/packages/@aws-cdk/aws-kinesisanalytics-flink/README.md
+++ b/packages/@aws-cdk/aws-kinesisanalytics-flink/README.md
@@ -59,7 +59,7 @@ import * as logs from '@aws-cdk/aws-logs';
 
 const flinkApp = new flink.Application(this, 'Application', {
   code: flink.ApplicationCode.fromBucket(bucket, 'my-app.jar'),
-  runtime: file.Runtime.FLINK_1_11,
+  runtime: file.Runtime.FLINK_1_13,
   checkpointingEnabled: true, // default is true
   checkpointInterval: cdk.Duration.seconds(30), // default is 1 minute
   minPauseBetweenCheckpoints: cdk.Duration.seconds(10), // default is 5 seconds
diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink/lib/types.ts b/packages/@aws-cdk/aws-kinesisanalytics-flink/lib/types.ts
index b92d55cb48518..02e56eee10966 100644
--- a/packages/@aws-cdk/aws-kinesisanalytics-flink/lib/types.ts
+++ b/packages/@aws-cdk/aws-kinesisanalytics-flink/lib/types.ts
@@ -37,7 +37,7 @@ export enum MetricsLevel {
  * configuration.
  */
 export interface PropertyGroups {
-  readonly [propertyId: string]: {[mapKey: string]: string};
+  readonly [propertyId: string]: { [mapKey: string]: string };
 }
 
 /**
@@ -53,6 +53,9 @@ export class Runtime {
   /** Flink Version 1.11 */
   public static readonly FLINK_1_11 = Runtime.of('FLINK-1_11');
 
+  /** Flink Version 1.13 */
+  public static readonly FLINK_1_13 = Runtime.of('FLINK-1_13');
+
   /** Create a new Runtime with with an arbitrary Flink version string */
   public static of(value: string) {
     return new Runtime(value);
diff --git a/packages/@aws-cdk/core/README.md b/packages/@aws-cdk/core/README.md
index 1090d893c508d..79ac6e6bb3e4d 100644
--- a/packages/@aws-cdk/core/README.md
+++ b/packages/@aws-cdk/core/README.md
@@ -48,7 +48,7 @@ logical application. You can then treat that new unit the same way you used
 to be able to treat a single stack: by instantiating it multiple times
 for different instances of your application.
 
-You can define a custom subclass of `Construct`, holding one or more
+You can define a custom subclass of `Stage`, holding one or more
 `Stack`s, to represent a single logical instance of your application.
 
 As a final note: `Stack`s are not a unit of reuse. They describe physical
diff --git a/packages/@aws-cdk/core/lib/stack-synthesizers/default-synthesizer.ts b/packages/@aws-cdk/core/lib/stack-synthesizers/default-synthesizer.ts
index 5c4072c3efc5c..aae69e36ef24e 100644
--- a/packages/@aws-cdk/core/lib/stack-synthesizers/default-synthesizer.ts
+++ b/packages/@aws-cdk/core/lib/stack-synthesizers/default-synthesizer.ts
@@ -600,7 +600,7 @@ function addBootstrapVersionRule(stack: Stack, requiredVersion: number, bootstra
 
   const param = new CfnParameter(stack, 'BootstrapVersion', {
     type: 'AWS::SSM::Parameter::Value<String>',
-    description: 'Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store.',
+    description: `Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. ${cxapi.SSMPARAM_NO_INVALIDATE}`,
     default: bootstrapStackVersionSsmParameter,
   });
 
diff --git a/packages/@aws-cdk/core/test/stack-synthesis/new-style-synthesis.test.ts b/packages/@aws-cdk/core/test/stack-synthesis/new-style-synthesis.test.ts
index 1528e91205f80..3a8d8c1e60b31 100644
--- a/packages/@aws-cdk/core/test/stack-synthesis/new-style-synthesis.test.ts
+++ b/packages/@aws-cdk/core/test/stack-synthesis/new-style-synthesis.test.ts
@@ -70,6 +70,7 @@ describe('new style synthesis', () => {
     const template = app.synth().getStackByName('Stack').template;
     expect(template?.Parameters?.BootstrapVersion?.Type).toEqual('AWS::SSM::Parameter::Value<String>');
     expect(template?.Parameters?.BootstrapVersion?.Default).toEqual('/cdk-bootstrap/hnb659fds/version');
+    expect(template?.Parameters?.BootstrapVersion?.Description).toContain(cxapi.SSMPARAM_NO_INVALIDATE);
 
     const assertions = template?.Rules?.CheckBootstrapVersion?.Assertions ?? [];
     expect(assertions.length).toEqual(1);
diff --git a/packages/@aws-cdk/cx-api/lib/cxapi.ts b/packages/@aws-cdk/cx-api/lib/cxapi.ts
index 33d83e74ea45c..9b179e9a71b5f 100644
--- a/packages/@aws-cdk/cx-api/lib/cxapi.ts
+++ b/packages/@aws-cdk/cx-api/lib/cxapi.ts
@@ -31,4 +31,13 @@ export const CLI_VERSION_ENV = 'CDK_CLI_VERSION';
 /**
  * If a context value is an object with this key, it indicates an error
  */
-export const PROVIDER_ERROR_KEY = '$providerError';
\ No newline at end of file
+export const PROVIDER_ERROR_KEY = '$providerError';
+
+
+/**
+ * This SSM parameter does not invalidate the template
+ *
+ * If this string occurs in the description of an SSM parameter, the CLI
+ * will not assume that the stack must always be redeployed.
+ */
+export const SSMPARAM_NO_INVALIDATE = '[cdk:skip]';
\ No newline at end of file
diff --git a/packages/@aws-cdk/pipelines/test/blueprint/stack-deployment.test.ts b/packages/@aws-cdk/pipelines/test/blueprint/stack-deployment.test.ts
index ee9d5b29240ce..68ca1f20a20b6 100644
--- a/packages/@aws-cdk/pipelines/test/blueprint/stack-deployment.test.ts
+++ b/packages/@aws-cdk/pipelines/test/blueprint/stack-deployment.test.ts
@@ -31,7 +31,7 @@ describe('templateUrl', () => {
     const sd = StageDeployment.fromStage(stage);
 
     // THEN
-    expect(sd.stacks[0].templateUrl).toBe('https://cdk-hnb659fds-assets-111-us-east-1.s3.us-east-1.amazonaws.com/4ef627170a212f66f5d1d9240d967ef306f4820ff9cb05b3a7ec703df6af6c3e.json');
+    expect(sd.stacks[0].templateUrl).toBe('https://cdk-hnb659fds-assets-111-us-east-1.s3.us-east-1.amazonaws.com/93ae4de94f81d0905c37db64b7304f5d65233ca4d9581d3a32215743c9bb92dd.json');
   });
 
   test('without region', () => {
@@ -43,7 +43,7 @@ describe('templateUrl', () => {
     const sd = StageDeployment.fromStage(stage);
 
     // THEN
-    expect(sd.stacks[0].templateUrl).toBe('https://cdk-hnb659fds-assets-111-.s3.amazonaws.com/$%7BAWS::Region%7D/4ef627170a212f66f5d1d9240d967ef306f4820ff9cb05b3a7ec703df6af6c3e.json');
+    expect(sd.stacks[0].templateUrl).toBe('https://cdk-hnb659fds-assets-111-.s3.amazonaws.com/$%7BAWS::Region%7D/93ae4de94f81d0905c37db64b7304f5d65233ca4d9581d3a32215743c9bb92dd.json');
   });
 
 });
diff --git a/packages/@aws-cdk/pipelines/test/integ.newpipeline-with-vpc.expected.json b/packages/@aws-cdk/pipelines/test/integ.newpipeline-with-vpc.expected.json
index e0075942e6069..80a17d7243cb1 100644
--- a/packages/@aws-cdk/pipelines/test/integ.newpipeline-with-vpc.expected.json
+++ b/packages/@aws-cdk/pipelines/test/integ.newpipeline-with-vpc.expected.json
@@ -2368,7 +2368,7 @@
     "BootstrapVersion": {
       "Type": "AWS::SSM::Parameter::Value<String>",
       "Default": "/cdk-bootstrap/hnb659fds/version",
-      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store."
+      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
     }
   },
   "Rules": {
diff --git a/packages/@aws-cdk/pipelines/test/integ.newpipeline.expected.json b/packages/@aws-cdk/pipelines/test/integ.newpipeline.expected.json
index 07e65b9bd643f..935ad4ce5136a 100644
--- a/packages/@aws-cdk/pipelines/test/integ.newpipeline.expected.json
+++ b/packages/@aws-cdk/pipelines/test/integ.newpipeline.expected.json
@@ -2303,7 +2303,7 @@
     "BootstrapVersion": {
       "Type": "AWS::SSM::Parameter::Value<String>",
       "Default": "/cdk-bootstrap/hnb659fds/version",
-      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store."
+      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
     }
   },
   "Rules": {
diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json
index b72a78754a1d2..3d808a0f31767 100644
--- a/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json
+++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json
@@ -2366,7 +2366,7 @@
     "BootstrapVersion": {
       "Type": "AWS::SSM::Parameter::Value<String>",
       "Default": "/cdk-bootstrap/hnb659fds/version",
-      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store."
+      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
     }
   },
   "Rules": {
diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json
index 8250f113b53e3..85f20ecf8995f 100644
--- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json
+++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json
@@ -1519,7 +1519,7 @@
     "BootstrapVersion": {
       "Type": "AWS::SSM::Parameter::Value<String>",
       "Default": "/cdk-bootstrap/hnb659fds/version",
-      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store."
+      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
     }
   },
   "Rules": {
diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json
index c2e4cddc58aef..e236dbdb569ac 100644
--- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json
+++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json
@@ -1576,7 +1576,7 @@
     "BootstrapVersion": {
       "Type": "AWS::SSM::Parameter::Value<String>",
       "Default": "/cdk-bootstrap/hnb659fds/version",
-      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store."
+      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
     }
   },
   "Rules": {
diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json
index 32a0a50bd90d5..0f158a1dffdf5 100644
--- a/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json
+++ b/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json
@@ -1299,7 +1299,7 @@
     "BootstrapVersion": {
       "Type": "AWS::SSM::Parameter::Value<String>",
       "Default": "/cdk-bootstrap/hnb659fds/version",
-      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store."
+      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
     }
   },
   "Rules": {
diff --git a/packages/aws-cdk-lib/README.md b/packages/aws-cdk-lib/README.md
index 5d225ce542aa5..40fc7c0d880af 100644
--- a/packages/aws-cdk-lib/README.md
+++ b/packages/aws-cdk-lib/README.md
@@ -81,7 +81,7 @@ logical application. You can then treat that new unit the same way you used
 to be able to treat a single stack: by instantiating it multiple times
 for different instances of your application.
 
-You can define a custom subclass of `Construct`, holding one or more
+You can define a custom subclass of `Stage`, holding one or more
 `Stack`s, to represent a single logical instance of your application.
 
 As a final note: `Stack`s are not a unit of reuse. They describe physical
diff --git a/packages/aws-cdk/lib/api/deploy-stack.ts b/packages/aws-cdk/lib/api/deploy-stack.ts
index f58f441560e3e..6b5afe9673ead 100644
--- a/packages/aws-cdk/lib/api/deploy-stack.ts
+++ b/packages/aws-cdk/lib/api/deploy-stack.ts
@@ -14,7 +14,7 @@ import { CfnEvaluationException } from './hotswap/evaluate-cloudformation-templa
 import { ToolkitInfo } from './toolkit-info';
 import {
   changeSetHasNoChanges, CloudFormationStack, TemplateParameters, waitForChangeSet,
-  waitForStackDeploy, waitForStackDelete, ParameterValues,
+  waitForStackDeploy, waitForStackDelete, ParameterValues, ParameterChanges,
 } from './util/cloudformation';
 import { StackActivityMonitor, StackActivityProgress } from './util/cloudformation/stack-activity-monitor';
 
@@ -466,7 +466,7 @@ export async function destroyStack(options: DestroyStackOptions) {
 async function canSkipDeploy(
   deployStackOptions: DeployStackOptions,
   cloudFormationStack: CloudFormationStack,
-  parameterChanges: boolean): Promise<boolean> {
+  parameterChanges: ParameterChanges): Promise<boolean> {
 
   const deployName = deployStackOptions.deployName || deployStackOptions.stack.stackName;
   debug(`${deployName}: checking if we can skip deploy`);
@@ -509,7 +509,11 @@ async function canSkipDeploy(
 
   // Parameters have changed
   if (parameterChanges) {
-    debug(`${deployName}: parameters have changed`);
+    if (parameterChanges === 'ssm') {
+      debug(`${deployName}: some parameters come from SSM so we have to assume they may have changed`);
+    } else {
+      debug(`${deployName}: parameters have changed`);
+    }
     return false;
   }
 
diff --git a/packages/aws-cdk/lib/api/hotswap-deployments.ts b/packages/aws-cdk/lib/api/hotswap-deployments.ts
index 138adf904c992..19b8405a7de19 100644
--- a/packages/aws-cdk/lib/api/hotswap-deployments.ts
+++ b/packages/aws-cdk/lib/api/hotswap-deployments.ts
@@ -35,8 +35,7 @@ export async function tryHotswapDeployment(
     parameters: assetParams,
     account: resolvedEnv.account,
     region: resolvedEnv.region,
-    // ToDo make this better:
-    partition: 'aws',
+    partition: (await sdk.currentAccount()).partition,
     // ToDo make this better:
     urlSuffix: 'amazonaws.com',
     listStackResources,
diff --git a/packages/aws-cdk/lib/api/util/cloudformation.ts b/packages/aws-cdk/lib/api/util/cloudformation.ts
index 19db988fdc15e..b3b5660d727c4 100644
--- a/packages/aws-cdk/lib/api/util/cloudformation.ts
+++ b/packages/aws-cdk/lib/api/util/cloudformation.ts
@@ -1,3 +1,4 @@
+import { SSMPARAM_NO_INVALIDATE } from '@aws-cdk/cx-api';
 import { CloudFormation } from 'aws-sdk';
 import { debug } from '../../logging';
 import { deserializeStructure } from '../../serialize';
@@ -11,6 +12,7 @@ export type Template = {
 interface TemplateParameter {
   Type: string;
   Default?: any;
+  Description?: string;
   [key: string]: any;
 }
 
@@ -424,11 +426,12 @@ export class ParameterValues {
   /**
    * Whether this set of parameter updates will change the actual stack values
    */
-  public hasChanges(currentValues: Record<string, string>): boolean {
+  public hasChanges(currentValues: Record<string, string>): ParameterChanges {
     // If any of the parameters are SSM parameters, deploying must always happen
-    // because we can't predict what the values will be.
-    if (Object.values(this.formalParams).some(p => p.Type.startsWith('AWS::SSM::Parameter::'))) {
-      return true;
+    // because we can't predict what the values will be. We will allow some
+    // parameters to opt out of this check by having a magic string in their description.
+    if (Object.values(this.formalParams).some(p => p.Type.startsWith('AWS::SSM::Parameter::') && !p.Description?.includes(SSMPARAM_NO_INVALIDATE))) {
+      return 'ssm';
     }
 
     // Otherwise we're dirty if:
@@ -445,3 +448,5 @@ export class ParameterValues {
     return false;
   }
 }
+
+export type ParameterChanges = boolean | 'ssm';
\ No newline at end of file
diff --git a/packages/aws-cdk/test/util/cloudformation.test.ts b/packages/aws-cdk/test/util/cloudformation.test.ts
index c8c034ba23f67..40a748d50ea37 100644
--- a/packages/aws-cdk/test/util/cloudformation.test.ts
+++ b/packages/aws-cdk/test/util/cloudformation.test.ts
@@ -1,3 +1,4 @@
+import { SSMPARAM_NO_INVALIDATE } from '@aws-cdk/cx-api';
 import { CloudFormationStack, TemplateParameters } from '../../lib/api/util/cloudformation';
 import { MockedObject, MockSdkProvider, SyncHandlerSubsetOf } from './mock-sdk';
 
@@ -81,10 +82,32 @@ test('if a parameter is retrieved from SSM, the parameters always count as chang
   const oldValues = { Foo: '/Some/Key' };
 
   // If we don't pass a new value
-  expect(params.updateExisting({}, oldValues).hasChanges(oldValues)).toEqual(true);
+  expect(params.updateExisting({}, oldValues).hasChanges(oldValues)).toEqual('ssm');
 
   // If we do pass a new value but it's the same as the old one
-  expect(params.updateExisting({ Foo: '/Some/Key' }, oldValues).hasChanges(oldValues)).toEqual(true);
+  expect(params.updateExisting({ Foo: '/Some/Key' }, oldValues).hasChanges(oldValues)).toEqual('ssm');
+});
+
+test('if a parameter is retrieved from SSM, the parameters doesnt count as changed if it has the magic marker', () => {
+  const params = TemplateParameters.fromTemplate({
+    Parameters: {
+      Foo: {
+        Type: 'AWS::SSM::Parameter::Name',
+        Default: '/Some/Key',
+        Description: `blabla ${SSMPARAM_NO_INVALIDATE}`,
+      },
+    },
+  });
+  const oldValues = { Foo: '/Some/Key' };
+
+  // If we don't pass a new value
+  expect(params.updateExisting({}, oldValues).hasChanges(oldValues)).toEqual(false);
+
+  // If we do pass a new value but it's the same as the old one
+  expect(params.updateExisting({ Foo: '/Some/Key' }, oldValues).hasChanges(oldValues)).toEqual(false);
+
+  // If we do pass a new value and it's different
+  expect(params.updateExisting({ Foo: '/OTHER/Key' }, oldValues).hasChanges(oldValues)).toEqual(true);
 });
 
 test('empty string is a valid update value', () => {