@aws-cdk/toolkit-lib 0.1.4 → 0.1.5

package/lib/api/shared-public.d.ts

@@ -1,3 +1,88 @@
+import * as cxapi from '@aws-cdk/cx-api';
+import { CloudFormationStackArtifact } from '@aws-cdk/cx-api';
+import { StackEvent } from '@aws-sdk/client-cloudformation';
+
+/**
+ * Which stacks should be selected from a cloud assembly
+ */
+export declare enum StackSelectionStrategy {
+	/**
+	 * Returns all stacks in the app regardless of patterns,
+	 * including stacks inside nested assemblies.
+	 */
+	ALL_STACKS = "all-stacks",
+	/**
+	 * Returns all stacks in the main (top level) assembly only.
+	 */
+	MAIN_ASSEMBLY = "main-assembly",
+	/**
+	 * If the assembly includes a single stack, returns it.
+	 * Otherwise throws an exception.
+	 */
+	ONLY_SINGLE = "only-single",
+	/**
+	 * Return stacks matched by patterns.
+	 * If no stacks are found, execution is halted successfully.
+	 * Most likely you don't want to use this but `StackSelectionStrategy.MUST_MATCH_PATTERN`
+	 */
+	PATTERN_MATCH = "pattern-match",
+	/**
+	 * Return stacks matched by patterns.
+	 * Throws an exception if the patterns don't match at least one stack in the assembly.
+	 */
+	PATTERN_MUST_MATCH = "pattern-must-match",
+	/**
+	 * Returns if exactly one stack is matched by the pattern(s).
+	 * Throws an exception if no stack, or more than exactly one stack are matched.
+	 */
+	PATTERN_MUST_MATCH_SINGLE = "pattern-must-match-single"
+}
+/**
+ * When selecting stacks, what other stacks to include because of dependencies
+ */
+export declare enum ExpandStackSelection {
+	/**
+	 * Don't select any extra stacks
+	 */
+	NONE = "none",
+	/**
+	 * Include stacks that this stack depends on
+	 */
+	UPSTREAM = "upstream",
+	/**
+	 * Include stacks that depend on this stack
+	 */
+	DOWNSTREAM = "downstream"
+}
+/**
+ * A specification of which stacks should be selected
+ */
+export interface StackSelector {
+	/**
+	 * The behavior if if no selectors are provided.
+	 */
+	strategy: StackSelectionStrategy;
+	/**
+	 * A list of patterns to match the stack hierarchical ids
+	 * Only used with `PATTERN_*` selection strategies.
+	 */
+	patterns?: string[];
+	/**
+	 * Expand the selection to upstream/downstream stacks.
+	 * @default ExpandStackSelection.None only select the specified/matched stacks
+	 */
+	expand?: ExpandStackSelection;
+	/**
+	 * By default, we throw an exception if the assembly contains no stacks.
+	 * Set to `false`, to halt execution for empty assemblies without error.
+	 *
+	 * Note that actions can still throw if a stack selection result is empty,
+	 * but the assembly contains stacks in principle.
+	 *
+	 * @default true
+	 */
+	failOnEmpty?: boolean;
+}
 /**
  * The current action being performed by the CLI. 'none' represents the absence of an action.
  */
@@ -54,10 +139,19 @@ export interface IoMessage<T> {
 	 * This is safe to print to an end-user.
 	 */
 	readonly message: string;
+	/**
+	 * Identifies the message span, this message belongs to.
+	 *
+	 * A message span, groups multiple messages together that semantically related to the same operation.
+	 * This is an otherwise meaningless identifier.
+	 *
+	 * A message without a `spanId`, does not belong to a span.
+	 */
+	readonly span?: string;
 	/**
 	 * The data attached to the message.
 	 */
-	readonly data?: T;
+	readonly data: T;
 }
 /**
  * An IO request emitted.
@@ -73,7 +167,7 @@ export interface IIoHost {
 	 * Notifies the host of a message.
 	 * The caller waits until the notification completes.
 	 */
-	notify<T>(msg: IoMessage<T>): Promise<void>;
+	notify(msg: IoMessage<unknown>): Promise<void>;
 	/**
 	 * Notifies the host of a message that requires a response.
 	 *
@@ -82,49 +176,2289 @@ export interface IIoHost {
 	 */
 	requestResponse<T, U>(msg: IoRequest<T, U>): Promise<U>;
 }
-/**
- * Represents a general toolkit error in the AWS CDK Toolkit.
- */
-export declare class ToolkitError extends Error {
+interface BootstrapRole {
 	/**
-	 * Determines if a given error is an instance of ToolkitError.
+	 * The ARN of the IAM role created as part of bootrapping
+	 * e.g. lookupRoleArn
 	 */
-	static isToolkitError(x: any): x is ToolkitError;
+	readonly arn: string;
 	/**
-	 * Determines if a given error is an instance of AuthenticationError.
+	 * External ID to use when assuming the bootstrap role
+	 *
+	 * @default - No external ID
 	 */
-	static isAuthenticationError(x: any): x is AuthenticationError;
+	readonly assumeRoleExternalId?: string;
 	/**
-	 * Determines if a given error is an instance of AssemblyError.
+	 * Additional options to pass to STS when assuming the role.
+	 *
+	 * - `RoleArn` should not be used. Use the dedicated `arn` property instead.
+	 * - `ExternalId` should not be used. Use the dedicated `assumeRoleExternalId` instead.
+	 *
+	 * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
+	 * @default - No additional options.
 	 */
-	static isAssemblyError(x: any): x is AssemblyError;
+	readonly assumeRoleAdditionalOptions?: {
+		[key: string]: any;
+	};
 	/**
-	 * Determines if a given error is an instance of AssemblyError.
+	 * Version of bootstrap stack required to use this role
+	 *
+	 * @default - No bootstrap stack required
 	 */
-	static isContextProviderError(x: any): x is ContextProviderError;
+	readonly requiresBootstrapStackVersion?: number;
 	/**
-	 * The type of the error, defaults to "toolkit".
+	 * Name of SSM parameter with bootstrap stack version
+	 *
+	 * @default - Discover SSM parameter by reading stack
+	 */
+	readonly bootstrapStackVersionSsmParameter?: string;
+}
+interface AwsCloudFormationStackProperties {
+	/**
+	 * A file relative to the assembly root which contains the CloudFormation template for this stack.
+	 */
+	readonly templateFile: string;
+	/**
+	 * Values for CloudFormation stack parameters that should be passed when the stack is deployed.
+	 *
+	 * @default - No parameters
+	 */
+	readonly parameters?: {
+		[id: string]: string;
+	};
+	/**
+	 * Values for CloudFormation stack tags that should be passed when the stack is deployed.
+	 *
+	 * @default - No tags
+	 */
+	readonly tags?: {
+		[id: string]: string;
+	};
+	/**
+	 * SNS Notification ARNs that should receive CloudFormation Stack Events.
+	 *
+	 * @default - No notification arns
+	 */
+	readonly notificationArns?: string[];
+	/**
+	 * The name to use for the CloudFormation stack.
+	 * @default - name derived from artifact ID
+	 */
+	readonly stackName?: string;
+	/**
+	 * Whether to enable termination protection for this stack.
+	 *
+	 * @default false
+	 */
+	readonly terminationProtection?: boolean;
+	/**
+	 * The role that needs to be assumed to deploy the stack
+	 *
+	 * @default - No role is assumed (current credentials are used)
+	 */
+	readonly assumeRoleArn?: string;
+	/**
+	 * External ID to use when assuming role for cloudformation deployments
+	 *
+	 * @default - No external ID
+	 */
+	readonly assumeRoleExternalId?: string;
+	/**
+	 * Additional options to pass to STS when assuming the role.
+	 *
+	 * - `RoleArn` should not be used. Use the dedicated `assumeRoleArn` property instead.
+	 * - `ExternalId` should not be used. Use the dedicated `assumeRoleExternalId` instead.
+	 *
+	 * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
+	 * @default - No additional options.
+	 */
+	readonly assumeRoleAdditionalOptions?: {
+		[key: string]: any;
+	};
+	/**
+	 * The role that is passed to CloudFormation to execute the change set
+	 *
+	 * @default - No role is passed (currently assumed role/credentials are used)
+	 */
+	readonly cloudFormationExecutionRoleArn?: string;
+	/**
+	 * The role to use to look up values from the target AWS account
+	 *
+	 * @default - No role is assumed (current credentials are used)
+	 */
+	readonly lookupRole?: BootstrapRole;
+	/**
+	 * If the stack template has already been included in the asset manifest, its asset URL
+	 *
+	 * @default - Not uploaded yet, upload just before deploying
+	 */
+	readonly stackTemplateAssetObjectUrl?: string;
+	/**
+	 * Version of bootstrap stack required to deploy this stack
+	 *
+	 * @default - No bootstrap stack required
+	 */
+	readonly requiresBootstrapStackVersion?: number;
+	/**
+	 * SSM parameter where the bootstrap stack version number can be found
+	 *
+	 * Only used if `requiresBootstrapStackVersion` is set.
+	 *
+	 * - If this value is not set, the bootstrap stack name must be known at
+	 *   deployment time so the stack version can be looked up from the stack
+	 *   outputs.
+	 * - If this value is set, the bootstrap stack can have any name because
+	 *   we won't need to look it up.
+	 *
+	 * @default - Bootstrap stack version number looked up
+	 */
+	readonly bootstrapStackVersionSsmParameter?: string;
+	/**
+	 * Whether this stack should be validated by the CLI after synthesis
+	 *
+	 * @default - false
+	 */
+	readonly validateOnSynth?: boolean;
+}
+interface AssetManifestOptions {
+	/**
+	 * Version of bootstrap stack required to deploy this stack
+	 *
+	 * @default - Version 1 (basic modern bootstrap stack)
+	 */
+	readonly requiresBootstrapStackVersion?: number;
+	/**
+	 * SSM parameter where the bootstrap stack version number can be found
+	 *
+	 * - If this value is not set, the bootstrap stack name must be known at
+	 *   deployment time so the stack version can be looked up from the stack
+	 *   outputs.
+	 * - If this value is set, the bootstrap stack can have any name because
+	 *   we won't need to look it up.
+	 *
+	 * @default - Bootstrap stack version number looked up
+	 */
+	readonly bootstrapStackVersionSsmParameter?: string;
+}
+interface AssetManifestProperties extends AssetManifestOptions {
+	/**
+	 * Filename of the asset manifest
+	 */
+	readonly file: string;
+}
+interface TreeArtifactProperties {
+	/**
+	 * Filename of the tree artifact
+	 */
+	readonly file: string;
+}
+interface NestedCloudAssemblyProperties {
+	/**
+	 * Relative path to the nested cloud assembly
+	 */
+	readonly directoryName: string;
+	/**
+	 * Display name for the cloud assembly
+	 *
+	 * @default - The artifact ID
+	 */
+	readonly displayName?: string;
+}
+type ArtifactProperties = AwsCloudFormationStackProperties | AssetManifestProperties | TreeArtifactProperties | NestedCloudAssemblyProperties;
+interface BaseAssetMetadataEntry {
+	/**
+	 * Requested packaging style
+	 */
+	readonly packaging: string;
+	/**
+	 * Logical identifier for the asset
+	 */
+	readonly id: string;
+	/**
+	 * The hash of the asset source.
+	 */
+	readonly sourceHash: string;
+	/**
+	 * Path on disk to the asset
+	 */
+	readonly path: string;
+}
+interface FileAssetMetadataEntry extends BaseAssetMetadataEntry {
+	/**
+	 * Requested packaging style
+	 */
+	readonly packaging: "zip" | "file";
+	/**
+	 * Name of parameter where S3 bucket should be passed in
+	 */
+	readonly s3BucketParameter: string;
+	/**
+	 * Name of parameter where S3 key should be passed in
+	 */
+	readonly s3KeyParameter: string;
+	/**
+	 * The name of the parameter where the hash of the bundled asset should be passed in.
+	 */
+	readonly artifactHashParameter: string;
+}
+interface Tag {
+	/**
+	 * Tag key.
+	 *
+	 * (In the actual file on disk this will be cased as "Key", and the structure is
+	 * patched to match this structure upon loading:
+	 * https://github.com/aws/aws-cdk/blob/4aadaa779b48f35838cccd4e25107b2338f05547/packages/%40aws-cdk/cloud-assembly-schema/lib/manifest.ts#L137)
+	 */
+	readonly key: string;
+	/**
+	 * Tag value.
+	 *
+	 * (In the actual file on disk this will be cased as "Value", and the structure is
+	 * patched to match this structure upon loading:
+	 * https://github.com/aws/aws-cdk/blob/4aadaa779b48f35838cccd4e25107b2338f05547/packages/%40aws-cdk/cloud-assembly-schema/lib/manifest.ts#L137)
+	 */
+	readonly value: string;
+}
+interface ContainerImageAssetCacheOption {
+	/**
+	 * The type of cache to use.
+	 * Refer to https://docs.docker.com/build/cache/backends/ for full list of backends.
+	 * @default - unspecified
+	 *
+	 * @example 'registry'
 	 */
 	readonly type: string;
-	constructor(message: string, type?: string);
+	/**
+	 * Any parameters to pass into the docker cache backend configuration.
+	 * Refer to https://docs.docker.com/build/cache/backends/ for cache backend configuration.
+	 * @default {} No options provided
+	 *
+	 * @example
+	 * declare const branch: string;
+	 *
+	 * const params = {
+	 *   ref: `12345678.dkr.ecr.us-west-2.amazonaws.com/cache:${branch}`,
+	 *   mode: "max",
+	 * };
+	 */
+	readonly params?: {
+		[key: string]: string;
+	};
 }
-/**
- * Represents an authentication-specific error in the AWS CDK Toolkit.
- */
-export declare class AuthenticationError extends ToolkitError {
-	constructor(message: string);
+interface ContainerImageAssetMetadataEntry extends BaseAssetMetadataEntry {
+	/**
+	 * Type of asset
+	 */
+	readonly packaging: "container-image";
+	/**
+	 * ECR Repository name and repo digest (separated by "@sha256:") where this
+	 * image is stored.
+	 *
+	 * @default undefined If not specified, `repositoryName` and `imageTag` are
+	 * required because otherwise how will the stack know where to find the asset,
+	 * ha?
+	 * @deprecated specify `repositoryName` and `imageTag` instead, and then you
+	 * know where the image will go.
+	 */
+	readonly imageNameParameter?: string;
+	/**
+	 * ECR repository name, if omitted a default name based on the asset's ID is
+	 * used instead. Specify this property if you need to statically address the
+	 * image, e.g. from a Kubernetes Pod. Note, this is only the repository name,
+	 * without the registry and the tag parts.
+	 *
+	 * @default - this parameter is REQUIRED after 1.21.0
+	 */
+	readonly repositoryName?: string;
+	/**
+	 * The docker image tag to use for tagging pushed images. This field is
+	 * required if `imageParameterName` is ommited (otherwise, the app won't be
+	 * able to find the image).
+	 *
+	 * @default - this parameter is REQUIRED after 1.21.0
+	 */
+	readonly imageTag?: string;
+	/**
+	 * Build args to pass to the `docker build` command
+	 *
+	 * @default no build args are passed
+	 */
+	readonly buildArgs?: {
+		[key: string]: string;
+	};
+	/**
+	 * SSH agent socket or keys to pass to the `docker build` command
+	 *
+	 * @default no ssh arg is passed
+	 */
+	readonly buildSsh?: string;
+	/**
+	 * Build secrets to pass to the `docker build` command
+	 *
+	 * @default no build secrets are passed
+	 */
+	readonly buildSecrets?: {
+		[key: string]: string;
+	};
+	/**
+	 * Docker target to build to
+	 *
+	 * @default no build target
+	 */
+	readonly target?: string;
+	/**
+	 * Path to the Dockerfile (relative to the directory).
+	 *
+	 * @default - no file is passed
+	 */
+	readonly file?: string;
+	/**
+	 * Networking mode for the RUN commands during build.
+	 *
+	 * @default - no networking mode specified
+	 */
+	readonly networkMode?: string;
+	/**
+	 * Platform to build for. _Requires Docker Buildx_.
+	 *
+	 * @default - current machine platform
+	 */
+	readonly platform?: string;
+	/**
+	 * Outputs to pass to the `docker build` command.
+	 *
+	 * @default - no outputs are passed to the build command (default outputs are used)
+	 * @see https://docs.docker.com/engine/reference/commandline/build/#custom-build-outputs
+	 */
+	readonly outputs?: string[];
+	/**
+	 * Cache from options to pass to the `docker build` command.
+	 *
+	 * @default - no cache from options are passed to the build command
+	 * @see https://docs.docker.com/build/cache/backends/
+	 */
+	readonly cacheFrom?: ContainerImageAssetCacheOption[];
+	/**
+	 * Cache to options to pass to the `docker build` command.
+	 *
+	 * @default - no cache to options are passed to the build command
+	 * @see https://docs.docker.com/build/cache/backends/
+	 */
+	readonly cacheTo?: ContainerImageAssetCacheOption;
+	/**
+	 * Disable the cache and pass `--no-cache` to the `docker build` command.
+	 *
+	 * @default - cache is used
+	 */
+	readonly cacheDisabled?: boolean;
 }
-/**
- * Represents an authentication-specific error in the AWS CDK Toolkit.
- */
-export declare class AssemblyError extends ToolkitError {
-	constructor(message: string);
+type AssetMetadataEntry = FileAssetMetadataEntry | ContainerImageAssetMetadataEntry;
+type LogMessageMetadataEntry = string;
+type LogicalIdMetadataEntry = string;
+type StackTagsMetadataEntry = Tag[];
+type PrimitiveType = boolean | number | string;
+type MetadataEntryData = AssetMetadataEntry | LogMessageMetadataEntry | LogicalIdMetadataEntry | StackTagsMetadataEntry | PrimitiveType;
+declare enum ArtifactMetadataEntryType {
+	/**
+	 * Asset in metadata.
+	 */
+	ASSET = "aws:cdk:asset",
+	/**
+	 * Metadata key used to print INFO-level messages by the toolkit when an app is syntheized.
+	 */
+	INFO = "aws:cdk:info",
+	/**
+	 * Metadata key used to print WARNING-level messages by the toolkit when an app is syntheized.
+	 */
+	WARN = "aws:cdk:warning",
+	/**
+	 * Metadata key used to print ERROR-level messages by the toolkit when an app is syntheized.
+	 */
+	ERROR = "aws:cdk:error",
+	/**
+	 * Represents the CloudFormation logical ID of a resource at a certain path.
+	 */
+	LOGICAL_ID = "aws:cdk:logicalId",
+	/**
+	 * Represents tags of a stack.
+	 */
+	STACK_TAGS = "aws:cdk:stack-tags"
 }
-/**
- * Represents an error originating from a Context Provider
- */
-export declare class ContextProviderError extends ToolkitError {
-	constructor(message: string);
+interface MetadataEntry {
+	/**
+	 * The type of the metadata entry.
+	 */
+	readonly type: string;
+	/**
+	 * The data.
+	 *
+	 * @default - no data.
+	 */
+	readonly data?: MetadataEntryData;
+	/**
+	 * A stack trace for when the entry was created.
+	 *
+	 * @default - no trace.
+	 */
+	readonly trace?: string[];
 }
+declare enum ContextProvider {
+	/**
+	 * AMI provider
+	 */
+	AMI_PROVIDER = "ami",
+	/**
+	 * AZ provider
+	 */
+	AVAILABILITY_ZONE_PROVIDER = "availability-zones",
+	/**
+	 * Route53 Hosted Zone provider
+	 */
+	HOSTED_ZONE_PROVIDER = "hosted-zone",
+	/**
+	 * SSM Parameter Provider
+	 */
+	SSM_PARAMETER_PROVIDER = "ssm",
+	/**
+	 * VPC Provider
+	 */
+	VPC_PROVIDER = "vpc-provider",
+	/**
+	 * VPC Endpoint Service AZ Provider
+	 */
+	ENDPOINT_SERVICE_AVAILABILITY_ZONE_PROVIDER = "endpoint-service-availability-zones",
+	/**
+	 * Load balancer provider
+	 */
+	LOAD_BALANCER_PROVIDER = "load-balancer",
+	/**
+	 * Load balancer listener provider
+	 */
+	LOAD_BALANCER_LISTENER_PROVIDER = "load-balancer-listener",
+	/**
+	 * Security group provider
+	 */
+	SECURITY_GROUP_PROVIDER = "security-group",
+	/**
+	 * KMS Key Provider
+	 */
+	KEY_PROVIDER = "key-provider",
+	/**
+	 * CCAPI Provider
+	 */
+	CC_API_PROVIDER = "cc-api-provider",
+	/**
+	 * A plugin provider (the actual plugin name will be in the properties)
+	 */
+	PLUGIN = "plugin"
+}
+interface ContextLookupRoleOptions {
+	/**
+	 * Query account
+	 */
+	readonly account: string;
+	/**
+	 * Query region
+	 */
+	readonly region: string;
+	/**
+	 * The ARN of the role that should be used to look up the missing values
+	 *
+	 * @default - None
+	 */
+	readonly lookupRoleArn?: string;
+	/**
+	 * The ExternalId that needs to be supplied while assuming this role
+	 *
+	 * @default - No ExternalId will be supplied
+	 */
+	readonly lookupRoleExternalId?: string;
+	/**
+	 * Additional options to pass to STS when assuming the lookup role.
+	 *
+	 * - `RoleArn` should not be used. Use the dedicated `lookupRoleArn` property instead.
+	 * - `ExternalId` should not be used. Use the dedicated `lookupRoleExternalId` instead.
+	 *
+	 * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
+	 * @default - No additional options.
+	 */
+	readonly assumeRoleAdditionalOptions?: {
+		[key: string]: any;
+	};
+}
+interface AmiContextQuery extends ContextLookupRoleOptions {
+	/**
+	 * Owners to DescribeImages call
+	 *
+	 * @default - All owners
+	 */
+	readonly owners?: string[];
+	/**
+	 * Filters to DescribeImages call
+	 */
+	readonly filters: {
+		[key: string]: string[];
+	};
+}
+interface AvailabilityZonesContextQuery extends ContextLookupRoleOptions {
+}
+interface HostedZoneContextQuery extends ContextLookupRoleOptions {
+	/**
+	 * The domain name e.g. example.com to lookup
+	 */
+	readonly domainName: string;
+	/**
+	 * True if the zone you want to find is a private hosted zone
+	 *
+	 * @default false
+	 */
+	readonly privateZone?: boolean;
+	/**
+	 * The VPC ID to that the private zone must be associated with
+	 *
+	 * If you provide VPC ID and privateZone is false, this will return no results
+	 * and raise an error.
+	 *
+	 * @default - Required if privateZone=true
+	 */
+	readonly vpcId?: string;
+}
+interface SSMParameterContextQuery extends ContextLookupRoleOptions {
+	/**
+	 * Parameter name to query
+	 */
+	readonly parameterName: string;
+}
+interface VpcContextQuery extends ContextLookupRoleOptions {
+	/**
+	 * Filters to apply to the VPC
+	 *
+	 * Filter parameters are the same as passed to DescribeVpcs.
+	 *
+	 * @see https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html
+	 */
+	readonly filter: {
+		[key: string]: string;
+	};
+	/**
+	 * Whether to populate the subnetGroups field of the `VpcContextResponse`,
+	 * which contains potentially asymmetric subnet groups.
+	 *
+	 * @default false
+	 */
+	readonly returnAsymmetricSubnets?: boolean;
+	/**
+	 * Optional tag for subnet group name.
+	 * If not provided, we'll look at the aws-cdk:subnet-name tag.
+	 * If the subnet does not have the specified tag,
+	 * we'll use its type as the name.
+	 *
+	 * @default 'aws-cdk:subnet-name'
+	 */
+	readonly subnetGroupNameTag?: string;
+	/**
+	 * Whether to populate the `vpnGatewayId` field of the `VpcContextResponse`,
+	 * which contains the VPN Gateway ID, if one exists. You can explicitly
+	 * disable this in order to avoid the lookup if you know the VPC does not have
+	 * a VPN Gatway attached.
+	 *
+	 * @default true
+	 */
+	readonly returnVpnGateways?: boolean;
+}
+interface EndpointServiceAvailabilityZonesContextQuery extends ContextLookupRoleOptions {
+	/**
+	 * Query service name
+	 */
+	readonly serviceName: string;
+}
+declare enum LoadBalancerType {
+	/**
+	 * Network load balancer
+	 */
+	NETWORK = "network",
+	/**
+	 * Application load balancer
+	 */
+	APPLICATION = "application"
+}
+interface LoadBalancerFilter extends ContextLookupRoleOptions {
+	/**
+	 * Filter load balancers by their type
+	 */
+	readonly loadBalancerType: LoadBalancerType;
+	/**
+	 * Find by load balancer's ARN
+	 * @default - does not search by load balancer arn
+	 */
+	readonly loadBalancerArn?: string;
+	/**
+	 * Match load balancer tags
+	 * @default - does not match load balancers by tags
+	 */
+	readonly loadBalancerTags?: Tag[];
+}
+interface LoadBalancerContextQuery extends LoadBalancerFilter {
+}
+declare enum LoadBalancerListenerProtocol {
+	/**
+	 * HTTP protocol
+	 */
+	HTTP = "HTTP",
+	/**
+	 * HTTPS protocol
+	 */
+	HTTPS = "HTTPS",
+	/**
+	 * TCP protocol
+	 */
+	TCP = "TCP",
+	/**
+	 * TLS protocol
+	 */
+	TLS = "TLS",
+	/**
+	 * UDP protocol
+	 * */
+	UDP = "UDP",
+	/**
+	 * TCP and UDP protocol
+	 * */
+	TCP_UDP = "TCP_UDP"
+}
+interface LoadBalancerListenerContextQuery extends LoadBalancerFilter {
+	/**
+	 * Find by listener's arn
+	 * @default - does not find by listener arn
+	 */
+	readonly listenerArn?: string;
+	/**
+	 * Filter by listener protocol
+	 * @default - does not filter by listener protocol
+	 */
+	readonly listenerProtocol?: LoadBalancerListenerProtocol;
+	/**
+	 * Filter listeners by listener port
+	 * @default - does not filter by a listener port
+	 */
+	readonly listenerPort?: number;
+}
+interface SecurityGroupContextQuery extends ContextLookupRoleOptions {
+	/**
+	 * Security group id
+	 *
+	 * @default - None
+	 */
+	readonly securityGroupId?: string;
+	/**
+	 * Security group name
+	 *
+	 * @default - None
+	 */
+	readonly securityGroupName?: string;
+	/**
+	 * VPC ID
+	 *
+	 * @default - None
+	 */
+	readonly vpcId?: string;
+}
+interface KeyContextQuery extends ContextLookupRoleOptions {
+	/**
+	 * Alias name used to search the Key
+	 */
+	readonly aliasName: string;
+}
+interface CcApiContextQuery extends ContextLookupRoleOptions {
+	/**
+	 * The Cloudformation resource type.
+	 * See https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/supported-resources.html
+	 */
+	readonly typeName: string;
+	/**
+	 * exactIdentifier of the resource.
+	 * Specifying exactIdentifier will return at most one result.
+	 * Either exactIdentifier or propertyMatch should be specified.
+	 * @default - None
+	 */
+	readonly exactIdentifier?: string;
+	/**
+	 * This indicates the property to search for.
+	 * If both exactIdentifier and propertyMatch are specified, then exactIdentifier is used.
+	 * Specifying propertyMatch will return 0 or more results.
+	 * Either exactIdentifier or propertyMatch should be specified.
+	 * @default - None
+	 */
+	readonly propertyMatch?: Record<string, unknown>;
+	/**
+	 * This is a set of properties returned from CC API that we want to return from ContextQuery.
+	 */
+	readonly propertiesToReturn: string[];
+}
+interface PluginContextQuery {
+	/**
+	 * The name of the plugin
+	 */
+	readonly pluginName: string;
+	/**
+	 * Arbitrary other arguments for the plugin.
+	 *
+	 * This index signature is not usable in non-TypeScript/JavaScript languages.
+	 *
+	 * @jsii ignore
+	 */
+	[key: string]: any;
+}
+type ContextQueryProperties = AmiContextQuery | AvailabilityZonesContextQuery | HostedZoneContextQuery | SSMParameterContextQuery | VpcContextQuery | EndpointServiceAvailabilityZonesContextQuery | LoadBalancerContextQuery | LoadBalancerListenerContextQuery | SecurityGroupContextQuery | KeyContextQuery | CcApiContextQuery | PluginContextQuery;
+declare enum ArtifactType {
+	/**
+	 * Stub required because of JSII.
+	 */
+	NONE = "none",// required due to a jsii bug
+	/**
+	 * The artifact is an AWS CloudFormation stack.
+	 */
+	AWS_CLOUDFORMATION_STACK = "aws:cloudformation:stack",
+	/**
+	 * The artifact contains the CDK application's construct tree.
+	 */
+	CDK_TREE = "cdk:tree",
+	/**
+	 * Manifest for all assets in the Cloud Assembly
+	 */
+	ASSET_MANIFEST = "cdk:asset-manifest",
+	/**
+	 * Nested Cloud Assembly
+	 */
+	NESTED_CLOUD_ASSEMBLY = "cdk:cloud-assembly"
+}
+interface RuntimeInfo {
+	/**
+	 * The list of libraries loaded in the application, associated with their versions.
+	 */
+	readonly libraries: {
+		[name: string]: string;
+	};
+}
+interface MissingContext {
+	/**
+	 * The missing context key.
+	 */
+	readonly key: string;
+	/**
+	 * The provider from which we expect this context key to be obtained.
+	 */
+	readonly provider: ContextProvider;
+	/**
+	 * A set of provider-specific options.
+	 */
+	readonly props: ContextQueryProperties;
+}
+interface ArtifactManifest {
+	/**
+	 * The type of artifact.
+	 */
+	readonly type: ArtifactType;
+	/**
+	 * The environment into which this artifact is deployed.
+	 *
+	 * @default - no envrionment.
+	 */
+	readonly environment?: string;
+	/**
+	 * Associated metadata.
+	 *
+	 * @default - no metadata.
+	 */
+	readonly metadata?: {
+		[path: string]: MetadataEntry[];
+	};
+	/**
+	 * IDs of artifacts that must be deployed before this artifact.
+	 *
+	 * @default - no dependencies.
+	 */
+	readonly dependencies?: string[];
+	/**
+	 * The set of properties for this artifact (depends on type)
+	 *
+	 * @default - no properties.
+	 */
+	readonly properties?: ArtifactProperties;
+	/**
+	 * A string that represents this artifact. Should only be used in user interfaces.
+	 *
+	 * @default - no display name
+	 */
+	readonly displayName?: string;
+}
+interface AssemblyManifest {
+	/**
+	 * Protocol version
+	 */
+	readonly version: string;
+	/**
+	 * Required CLI version, if available
+	 *
+	 * If the manifest producer knows, it can put the minimum version of the CLI
+	 * here that supports reading this assembly.
+	 *
+	 * If set, it can be used to show a more informative error message to users.
+	 *
+	 * @default - Minimum CLI version unknown
+	 */
+	readonly minimumCliVersion?: string;
+	/**
+	 * The set of artifacts in this assembly.
+	 *
+	 * @default - no artifacts.
+	 */
+	readonly artifacts?: {
+		[id: string]: ArtifactManifest;
+	};
+	/**
+	 * Missing context information. If this field has values, it means that the
+	 * cloud assembly is not complete and should not be deployed.
+	 *
+	 * @default - no missing context.
+	 */
+	readonly missing?: MissingContext[];
+	/**
+	 * Runtime information.
+	 *
+	 * @default - no info.
+	 */
+	readonly runtime?: RuntimeInfo;
+}
+interface ICloudAssembly {
+	/**
+	 * The directory of the cloud assembly.
+	 *
+	 * This directory will be used to read the Cloud Assembly from.
+	 * Its contents (in particular `manifest.json`) must comply with the schema defined in this package.
+	 */
+	readonly directory: string;
+}
+interface AwsDestination {
+	/**
+	 * The region where this asset will need to be published
+	 *
+	 * @default - Current region
+	 */
+	readonly region?: string;
+	/**
+	 * The role that needs to be assumed while publishing this asset
+	 *
+	 * @default - No role will be assumed
+	 */
+	readonly assumeRoleArn?: string;
+	/**
+	 * The ExternalId that needs to be supplied while assuming this role
+	 *
+	 * @default - No ExternalId will be supplied
+	 */
+	readonly assumeRoleExternalId?: string;
+	/**
+	 * Additional options to pass to STS when assuming the role.
+	 *
+	 * - `RoleArn` should not be used. Use the dedicated `assumeRoleArn` property instead.
+	 * - `ExternalId` should not be used. Use the dedicated `assumeRoleExternalId` instead.
+	 *
+	 * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
+	 * @default - No additional options.
+	 */
+	readonly assumeRoleAdditionalOptions?: {
+		[key: string]: any;
+	};
+}
+interface DockerImageAsset {
+	/**
+	 * A display name for this asset
+	 *
+	 * @default - The identifier will be used as the display name
+	 */
+	readonly displayName?: string;
+	/**
+	 * Source description for container assets
+	 */
+	readonly source: DockerImageSource;
+	/**
+	 * Destinations for this container asset
+	 */
+	readonly destinations: {
+		[id: string]: DockerImageDestination;
+	};
+}
+interface DockerImageSource {
+	/**
+	 * The directory containing the Docker image build instructions.
+	 *
+	 * This path is relative to the asset manifest location.
+	 *
+	 * @default - Exactly one of `directory` and `executable` is required
+	 */
+	readonly directory?: string;
+	/**
+	 * A command-line executable that returns the name of a local
+	 * Docker image on stdout after being run.
+	 *
+	 * @default - Exactly one of `directory` and `executable` is required
+	 */
+	readonly executable?: string[];
+	/**
+	 * The name of the file with build instructions
+	 *
+	 * Only allowed when `directory` is set.
+	 *
+	 * @default "Dockerfile"
+	 */
+	readonly dockerFile?: string;
+	/**
+	 * Target build stage in a Dockerfile with multiple build stages
+	 *
+	 * Only allowed when `directory` is set.
+	 *
+	 * @default - The last stage in the Dockerfile
+	 */
+	readonly dockerBuildTarget?: string;
+	/**
+	 * Additional build arguments
+	 *
+	 * Only allowed when `directory` is set.
+	 *
+	 * @default - No additional build arguments
+	 */
+	readonly dockerBuildArgs?: {
+		[name: string]: string;
+	};
+	/**
+	 * SSH agent socket or keys
+	 *
+	 * Requires building with docker buildkit.
+	 *
+	 * @default - No ssh flag is set
+	 */
+	readonly dockerBuildSsh?: string;
+	/**
+	 * Additional build secrets
+	 *
+	 * Only allowed when `directory` is set.
+	 *
+	 * @default - No additional build secrets
+	 */
+	readonly dockerBuildSecrets?: {
+		[name: string]: string;
+	};
+	/**
+	 * Networking mode for the RUN commands during build. _Requires Docker Engine API v1.25+_.
+	 *
+	 * Specify this property to build images on a specific networking mode.
+	 *
+	 * @default - no networking mode specified
+	 */
+	readonly networkMode?: string;
+	/**
+	 * Platform to build for. _Requires Docker Buildx_.
+	 *
+	 * Specify this property to build images on a specific platform/architecture.
+	 *
+	 * @default - current machine platform
+	 */
+	readonly platform?: string;
+	/**
+	 * Outputs
+	 *
+	 * @default - no outputs are passed to the build command (default outputs are used)
+	 * @see https://docs.docker.com/engine/reference/commandline/build/#custom-build-outputs
+	 */
+	readonly dockerOutputs?: string[];
+	/**
+	 * Cache from options to pass to the `docker build` command.
+	 *
+	 * @default - no cache from options are passed to the build command
+	 * @see https://docs.docker.com/build/cache/backends/
+	 */
+	readonly cacheFrom?: DockerCacheOption[];
+	/**
+	 * Cache to options to pass to the `docker build` command.
+	 *
+	 * @default - no cache to options are passed to the build command
+	 * @see https://docs.docker.com/build/cache/backends/
+	 */
+	readonly cacheTo?: DockerCacheOption;
+	/**
+	 * Disable the cache and pass `--no-cache` to the `docker build` command.
+	 *
+	 * @default - cache is used
+	 */
+	readonly cacheDisabled?: boolean;
+}
+interface DockerImageDestination extends AwsDestination {
+	/**
+	 * Name of the ECR repository to publish to
+	 */
+	readonly repositoryName: string;
+	/**
+	 * Tag of the image to publish
+	 */
+	readonly imageTag: string;
+}
+interface DockerCacheOption {
+	/**
+	 * The type of cache to use.
+	 * Refer to https://docs.docker.com/build/cache/backends/ for full list of backends.
+	 * @default - unspecified
+	 *
+	 * @example 'registry'
+	 */
+	readonly type: string;
+	/**
+	 * Any parameters to pass into the docker cache backend configuration.
+	 * Refer to https://docs.docker.com/build/cache/backends/ for cache backend configuration.
+	 * @default {} No options provided
+	 *
+	 * @example
+	 * declare const branch: string;
+	 *
+	 * const params = {
+	 *   ref: `12345678.dkr.ecr.us-west-2.amazonaws.com/cache:${branch}`,
+	 *   mode: "max",
+	 * };
+	 */
+	readonly params?: {
+		[key: string]: string;
+	};
+}
+interface FileAsset {
+	/**
+	 * A display name for this asset
+	 *
+	 * @default - The identifier will be used as the display name
+	 */
+	readonly displayName?: string;
+	/**
+	 * Source description for file assets
+	 */
+	readonly source: FileSource;
+	/**
+	 * Destinations for this file asset
+	 */
+	readonly destinations: {
+		[id: string]: FileDestination;
+	};
+}
+declare enum FileAssetPackaging {
+	/**
+	 * Upload the given path as a file
+	 */
+	FILE = "file",
+	/**
+	 * The given path is a directory, zip it and upload
+	 */
+	ZIP_DIRECTORY = "zip"
+}
+interface FileSource {
+	/**
+	 * External command which will produce the file asset to upload.
+	 *
+	 * @default - Exactly one of `executable` and `path` is required.
+	 */
+	readonly executable?: string[];
+	/**
+	 * The filesystem object to upload
+	 *
+	 * This path is relative to the asset manifest location.
+	 *
+	 * @default - Exactly one of `executable` and `path` is required.
+	 */
+	readonly path?: string;
+	/**
+	 * Packaging method
+	 *
+	 * Only allowed when `path` is specified.
+	 *
+	 * @default FILE
+	 */
+	readonly packaging?: FileAssetPackaging;
+}
+interface FileDestination extends AwsDestination {
+	/**
+	 * The name of the bucket
+	 */
+	readonly bucketName: string;
+	/**
+	 * The destination object key
+	 */
+	readonly objectKey: string;
+}
+interface AssetManifest {
+	/**
+	 * Version of the manifest
+	 */
+	readonly version: string;
+	/**
+	 * The file assets in this manifest
+	 *
+	 * @default - No files
+	 */
+	readonly files?: {
+		[id: string]: FileAsset;
+	};
+	/**
+	 * The Docker image assets in this manifest
+	 *
+	 * @default - No Docker images
+	 */
+	readonly dockerImages?: {
+		[id: string]: DockerImageAsset;
+	};
+}
+declare enum RequireApproval {
+	/**
+	 * Never ask for approval
+	 */
+	NEVER = "never",
+	/**
+	 * Prompt for approval for any type of change to the stack
+	 */
+	ANYCHANGE = "any-change",
+	/**
+	 * Only prompt for approval if there are security related changes
+	 */
+	BROADENING = "broadening"
+}
+interface DefaultCdkOptions {
+	/**
+	 * List of stacks to deploy
+	 *
+	 * Requried if `all` is not set
+	 *
+	 * @default - []
+	 */
+	readonly stacks?: string[];
+	/**
+	 * Deploy all stacks
+	 *
+	 * Requried if `stacks` is not set
+	 *
+	 * @default - false
+	 */
+	readonly all?: boolean;
+	/**
+	 * command-line for executing your app or a cloud assembly directory
+	 * e.g. "node bin/my-app.js"
+	 * or
+	 * "cdk.out"
+	 *
+	 * @default - read from cdk.json
+	 */
+	readonly app?: string;
+	/**
+	 * Role to pass to CloudFormation for deployment
+	 *
+	 * @default - use the bootstrap cfn-exec role
+	 */
+	readonly roleArn?: string;
+	/**
+	 * Additional context
+	 *
+	 * @default - no additional context
+	 */
+	readonly context?: {
+		[name: string]: string;
+	};
+	/**
+	 * Print trace for stack warnings
+	 *
+	 * @default false
+	 */
+	readonly trace?: boolean;
+	/**
+	 * Do not construct stacks with warnings
+	 *
+	 * @default false
+	 */
+	readonly strict?: boolean;
+	/**
+	 * Perform context lookups.
+	 *
+	 * Synthesis fails if this is disabled and context lookups need
+	 * to be performed
+	 *
+	 * @default true
+	 */
+	readonly lookups?: boolean;
+	/**
+	 * Ignores synthesis errors, which will likely produce an invalid output
+	 *
+	 * @default false
+	 */
+	readonly ignoreErrors?: boolean;
+	/**
+	 * Use JSON output instead of YAML when templates are printed
+	 * to STDOUT
+	 *
+	 * @default false
+	 */
+	readonly json?: boolean;
+	/**
+	 * show debug logs
+	 *
+	 * @default false
+	 */
+	readonly verbose?: boolean;
+	/**
+	 * enable emission of additional debugging information, such as creation stack
+	 * traces of tokens
+	 *
+	 * @default false
+	 */
+	readonly debug?: boolean;
+	/**
+	 * Use the indicated AWS profile as the default environment
+	 *
+	 * @default - no profile is used
+	 */
+	readonly profile?: string;
+	/**
+	 * Use the indicated proxy. Will read from
+	 * HTTPS_PROXY environment if specified
+	 *
+	 * @default - no proxy
+	 */
+	readonly proxy?: string;
+	/**
+	 * Path to CA certificate to use when validating HTTPS
+	 * requests.
+	 *
+	 * @default - read from AWS_CA_BUNDLE environment variable
+	 */
+	readonly caBundlePath?: string;
+	/**
+	 * Force trying to fetch EC2 instance credentials
+	 *
+	 * @default - guess EC2 instance status
+	 */
+	readonly ec2Creds?: boolean;
+	/**
+	 * Include "AWS::CDK::Metadata" resource in synthesized templates
+	 *
+	 * @default true
+	 */
+	readonly versionReporting?: boolean;
+	/**
+	 * Include "aws:cdk:path" CloudFormation metadata for each resource
+	 *
+	 * @default true
+	 */
+	readonly pathMetadata?: boolean;
+	/**
+	 * Include "aws:asset:*" CloudFormation metadata for resources that use assets
+	 *
+	 * @default true
+	 */
+	readonly assetMetadata?: boolean;
+	/**
+	 * Copy assets to the output directory
+	 *
+	 * Needed for local debugging the source files with SAM CLI
+	 *
+	 * @default false
+	 */
+	readonly staging?: boolean;
+	/**
+	 * Emits the synthesized cloud assembly into a directory
+	 *
+	 * @default cdk.out
+	 */
+	readonly output?: string;
+	/**
+	 * Show relevant notices
+	 *
+	 * @default true
+	 */
+	readonly notices?: boolean;
+	/**
+	 * Show colors and other style from console output
+	 *
+	 * @default true
+	 */
+	readonly color?: boolean;
+}
+interface DeployOptions extends DefaultCdkOptions {
+	/**
+	 * Only perform action on the given stack
+	 *
+	 * @default false
+	 */
+	readonly exclusively?: boolean;
+	/**
+	 * Name of the toolkit stack to use/deploy
+	 *
+	 * @default CDKToolkit
+	 */
+	readonly toolkitStackName?: string;
+	/**
+	 * Reuse the assets with the given asset IDs
+	 *
+	 * @default - do not reuse assets
+	 */
+	readonly reuseAssets?: string[];
+	/**
+	 * Optional name to use for the CloudFormation change set.
+	 * If not provided, a name will be generated automatically.
+	 *
+	 * @default - auto generate a name
+	 */
+	readonly changeSetName?: string;
+	/**
+	 * Always deploy, even if templates are identical.
+	 * @default false
+	 */
+	readonly force?: boolean;
+	/**
+	 * Rollback failed deployments
+	 *
+	 * @default true
+	 */
+	readonly rollback?: boolean;
+	/**
+	 * ARNs of SNS topics that CloudFormation will notify with stack related events
+	 *
+	 * @default - no notifications
+	 */
+	readonly notificationArns?: string[];
+	/**
+	 * What kind of security changes require approval
+	 *
+	 * @default RequireApproval.NEVER
+	 */
+	readonly requireApproval?: RequireApproval;
+	/**
+	 * Whether to execute the ChangeSet
+	 * Not providing `execute` parameter will result in execution of ChangeSet
+	 * @default true
+	 */
+	readonly execute?: boolean;
+	/**
+	 * Additional parameters for CloudFormation at deploy time
+	 * @default {}
+	 */
+	readonly parameters?: {
+		[name: string]: string;
+	};
+	/**
+	 * Use previous values for unspecified parameters
+	 *
+	 * If not set, all parameters must be specified for every deployment.
+	 *
+	 * @default true
+	 */
+	readonly usePreviousParameters?: boolean;
+	/**
+	 * Path to file where stack outputs will be written after a successful deploy as JSON
+	 * @default - Outputs are not written to any file
+	 */
+	readonly outputsFile?: string;
+	/**
+	 * Whether we are on a CI system
+	 *
+	 * @default false
+	 */
+	readonly ci?: boolean;
+	/**
+	 * Deploy multiple stacks in parallel
+	 *
+	 * @default 1
+	 */
+	readonly concurrency?: number;
+}
+interface DestroyOptions extends DefaultCdkOptions {
+	/**
+	 * Do not ask for permission before destroying stacks
+	 *
+	 * @default false
+	 */
+	readonly force?: boolean;
+	/**
+	 * Only destroy the given stack
+	 *
+	 * @default false
+	 */
+	readonly exclusively?: boolean;
+}
+interface TestOptions {
+	/**
+	 * Run update workflow on this test case
+	 * This should only be set to false to test scenarios
+	 * that are not possible to test as part of the update workflow
+	 *
+	 * @default true
+	 */
+	readonly stackUpdateWorkflow?: boolean;
+	/**
+	 * Additional options to use for each CDK command
+	 *
+	 * @default - runner default options
+	 */
+	readonly cdkCommandOptions?: CdkCommands;
+	/**
+	 * Additional commands to run at predefined points in the test workflow
+	 *
+	 * e.g. { postDeploy: ['yarn', 'test'] }
+	 *
+	 * @default - no hooks
+	 */
+	readonly hooks?: Hooks;
+	/**
+	 * Whether or not to include asset hashes in the diff
+	 * Asset hashes can introduces a lot of unneccessary noise into tests,
+	 * but there are some cases where asset hashes _should_ be included. For example
+	 * any tests involving custom resources or bundling
+	 *
+	 * @default false
+	 */
+	readonly diffAssets?: boolean;
+	/**
+	 * List of CloudFormation resource types in this stack that can
+	 * be destroyed as part of an update without failing the test.
+	 *
+	 * This list should only include resources that for this specific
+	 * integration test we are sure will not cause errors or an outage if
+	 * destroyed. For example, maybe we know that a new resource will be created
+	 * first before the old resource is destroyed which prevents any outage.
+	 *
+	 * e.g. ['AWS::IAM::Role']
+	 *
+	 * @default - do not allow destruction of any resources on update
+	 */
+	readonly allowDestroy?: string[];
+	/**
+	 * Limit deployment to these regions
+	 *
+	 * @default - can run in any region
+	 */
+	readonly regions?: string[];
+}
+interface TestCase extends TestOptions {
+	/**
+	 * Stacks that should be tested as part of this test case
+	 * The stackNames will be passed as args to the cdk commands
+	 * so dependent stacks will be automatically deployed unless
+	 * `exclusively` is passed
+	 */
+	readonly stacks: string[];
+	/**
+	 * The node id of the stack that contains assertions.
+	 * This is the value that can be used to deploy the stack with the CDK CLI
+	 *
+	 * @default - no assertion stack
+	 */
+	readonly assertionStack?: string;
+	/**
+	 * The name of the stack that contains assertions
+	 *
+	 * @default - no assertion stack
+	 */
+	readonly assertionStackName?: string;
+}
+interface Hooks {
+	/**
+	 * Commands to run prior to deploying the cdk stacks
+	 * in the integration test
+	 *
+	 * @default - no commands
+	 */
+	readonly preDeploy?: string[];
+	/**
+	 * Commands to run prior after deploying the cdk stacks
+	 * in the integration test
+	 *
+	 * @default - no commands
+	 */
+	readonly postDeploy?: string[];
+	/**
+	 * Commands to run prior to destroying the cdk stacks
+	 * in the integration test
+	 *
+	 * @default - no commands
+	 */
+	readonly preDestroy?: string[];
+	/**
+	 * Commands to run after destroying the cdk stacks
+	 * in the integration test
+	 *
+	 * @default - no commands
+	 */
+	readonly postDestroy?: string[];
+}
+interface CdkCommand {
+	/**
+	 * Whether or not to run this command as part of the workflow
+	 * This can be used if you only want to test some of the workflow
+	 * for example enable `synth` and disable `deploy` & `destroy` in order
+	 * to limit the test to synthesis
+	 *
+	 * @default true
+	 */
+	readonly enabled?: boolean;
+	/**
+	 * If the runner should expect this command to fail
+	 *
+	 * @default false
+	 */
+	readonly expectError?: boolean;
+	/**
+	 * This can be used in combination with `expectedError`
+	 * to validate that a specific message is returned.
+	 *
+	 * @default - do not validate message
+	 */
+	readonly expectedMessage?: string;
+}
+interface DeployCommand extends CdkCommand {
+	/**
+	 * Additional arguments to pass to the command
+	 * This can be used to test specific CLI functionality
+	 *
+	 * @default - only default args are used
+	 */
+	readonly args?: DeployOptions;
+}
+interface DestroyCommand extends CdkCommand {
+	/**
+	 * Additional arguments to pass to the command
+	 * This can be used to test specific CLI functionality
+	 *
+	 * @default - only default args are used
+	 */
+	readonly args?: DestroyOptions;
+}
+interface CdkCommands {
+	/**
+	 * Options to for the cdk deploy command
+	 *
+	 * @default - default deploy options
+	 */
+	readonly deploy?: DeployCommand;
+	/**
+	 * Options to for the cdk destroy command
+	 *
+	 * @default - default destroy options
+	 */
+	readonly destroy?: DestroyCommand;
+}
+interface IntegManifest {
+	/**
+	 * Version of the manifest
+	 */
+	readonly version: string;
+	/**
+	 * Enable lookups for this test. If lookups are enabled
+	 * then `stackUpdateWorkflow` must be set to false.
+	 * Lookups should only be enabled when you are explicitely testing
+	 * lookups.
+	 *
+	 * @default false
+	 */
+	readonly enableLookups?: boolean;
+	/**
+	 * Additional context to use when performing
+	 * a synth. Any context provided here will override
+	 * any default context
+	 *
+	 * @default - no additional context
+	 */
+	readonly synthContext?: {
+		[name: string]: string;
+	};
+	/**
+	 * test cases
+	 */
+	readonly testCases: {
+		[testName: string]: TestCase;
+	};
+}
+declare const VERSION_MISMATCH: string;
+interface LoadManifestOptions {
+	/**
+	 * Skip the version check
+	 *
+	 * This means you may read a newer cloud assembly than the CX API is designed
+	 * to support, and your application may not be aware of all features that in use
+	 * in the Cloud Assembly.
+	 *
+	 * @default false
+	 */
+	readonly skipVersionCheck?: boolean;
+	/**
+	 * Skip enum checks
+	 *
+	 * This means you may read enum values you don't know about yet. Make sure to always
+	 * check the values of enums you encounter in the manifest.
+	 *
+	 * @default false
+	 */
+	readonly skipEnumCheck?: boolean;
+	/**
+	 * Topologically sort all artifacts
+	 *
+	 * This parameter is only respected by the constructor of `CloudAssembly`. The
+	 * property lives here for backwards compatibility reasons.
+	 *
+	 * @default true
+	 */
+	readonly topoSort?: boolean;
+}
+declare class Manifest {
+	/**
+	 * Validates and saves the cloud assembly manifest to file.
+	 *
+	 * @param manifest - manifest.
+	 * @param filePath - output file path.
+	 */
+	static saveAssemblyManifest(manifest: AssemblyManifest, filePath: string): void;
+	/**
+	 * Load and validates the cloud assembly manifest from file.
+	 *
+	 * @param filePath - path to the manifest file.
+	 */
+	static loadAssemblyManifest(filePath: string, options?: LoadManifestOptions): AssemblyManifest;
+	/**
+	 * Validates and saves the asset manifest to file.
+	 *
+	 * @param manifest - manifest.
+	 * @param filePath - output file path.
+	 */
+	static saveAssetManifest(manifest: AssetManifest, filePath: string): void;
+	/**
+	 * Load and validates the asset manifest from file.
+	 *
+	 * @param filePath - path to the manifest file.
+	 */
+	static loadAssetManifest(filePath: string): AssetManifest;
+	/**
+	 * Validates and saves the integ manifest to file.
+	 *
+	 * @param manifest - manifest.
+	 * @param filePath - output file path.
+	 */
+	static saveIntegManifest(manifest: IntegManifest, filePath: string): void;
+	/**
+	 * Load and validates the integ manifest from file.
+	 *
+	 * @param filePath - path to the manifest file.
+	 */
+	static loadIntegManifest(filePath: string): IntegManifest;
+	/**
+	 * Fetch the current schema version number.
+	 */
+	static version(): string;
+	/**
+	 * Return the CLI version that supports this Cloud Assembly Schema version
+	 */
+	static cliVersion(): string | undefined;
+	/**
+	 * Deprecated
+	 * @deprecated use `saveAssemblyManifest()`
+	 */
+	static save(manifest: AssemblyManifest, filePath: string): void;
+	/**
+	 * Deprecated
+	 * @deprecated use `loadAssemblyManifest()`
+	 */
+	static load(filePath: string): AssemblyManifest;
+	private static validate;
+	private static saveManifest;
+	private static loadManifest;
+	/**
+	 * This requires some explaining...
+	 *
+	 * We previously used `{ Key, Value }` for the object that represents a stack tag. (Notice the casing)
+	 * @link https://github.com/aws/aws-cdk/blob/v1.27.0/packages/aws-cdk/lib/api/cxapp/stacks.ts#L427.
+	 *
+	 * When that object moved to this package, it had to be JSII compliant, which meant the property
+	 * names must be `camelCased`, and not `PascalCased`. This meant it no longer matches the structure in the `manifest.json` file.
+	 * In order to support current manifest files, we have to translate the `PascalCased` representation to the new `camelCased` one.
+	 *
+	 * Note that the serialization itself still writes `PascalCased` because it relates to how CloudFormation expects it.
+	 *
+	 * Ideally, we would start writing the `camelCased` and translate to how CloudFormation expects it when needed. But this requires nasty
+	 * backwards-compatibility code and it just doesn't seem to be worth the effort.
+	 */
+	private static patchStackTagsOnRead;
+	/**
+	 * Validates that `assumeRoleAdditionalOptions` doesn't contain nor `ExternalId` neither `RoleArn`, as they
+	 * should have dedicated properties preceding this (e.g `assumeRoleArn` and `assumeRoleExternalId`).
+	 */
+	private static validateAssumeRoleAdditionalOptions;
+	/**
+	 * See explanation on `patchStackTagsOnRead`
+	 *
+	 * Translate stack tags metadata if it has the "right" casing.
+	 */
+	private static patchStackTagsOnWrite;
+	/**
+	 * Recursively replace stack tags in the stack metadata
+	 */
+	private static replaceStackTags;
+	private constructor();
+}
+export interface BootstrapEnvironmentProgress {
+	/**
+	 * The total number of environments being deployed
+	 */
+	readonly total: number;
+	/**
+	 * The count of the environment currently bootstrapped
+	 *
+	 * This is counting value, not an identifier.
+	 */
+	readonly current: number;
+	/**
+	 * The environment that's currently being bootstrapped
+	 */
+	readonly environment: cxapi.Environment;
+}
+interface IManifestEntry {
+	/**
+	 * The identifier of the asset and its destination
+	 */
+	readonly id: DestinationIdentifier;
+	/**
+	 * The type of asset
+	 */
+	readonly type: string;
+	/**
+	 * Type-dependent source data
+	 */
+	readonly genericSource: unknown;
+	/**
+	 * Type-dependent destination data
+	 */
+	readonly genericDestination: unknown;
+	/**
+	 * Return a display name for this asset
+	 *
+	 * The `includeDestination` parameter controls whether or not to include the
+	 * destination ID in the display name.
+	 *
+	 * - Pass `false` if you are displaying notifications about building the
+	 *   asset, or if you are describing the work of building the asset and publishing
+	 *   to all destinations at the same time.
+	 * - Pass `true` if you are displaying notifications about publishing to a
+	 *   specific destination.
+	 */
+	displayName(includeDestination: boolean): string;
+}
+declare class DestinationIdentifier {
+	/**
+	 * Identifies the asset, by source.
+	 *
+	 * The assetId will be the same between assets that represent
+	 * the same physical file or image.
+	 */
+	readonly assetId: string;
+	/**
+	 * Identifies the destination where this asset will be published
+	 */
+	readonly destinationId: string;
+	constructor(assetId: string, destinationId: string);
+	/**
+	 * Return a string representation for this asset identifier
+	 */
+	toString(): string;
+}
+/**
+ * Different types of permission related changes in a diff
+ */
+export declare enum PermissionChangeType {
+	/**
+	 * No permission changes
+	 */
+	NONE = "none",
+	/**
+	 * Permissions are broadening
+	 */
+	BROADENING = "broadening",
+	/**
+	 * Permissions are changed but not broadening
+	 */
+	NON_BROADENING = "non-broadening"
+}
+/**
+ * Assembly data returned in the payload of an IO Message.
+ */
+export interface AssemblyData {
+	/**
+	 * The path to the assembly directory
+	 */
+	readonly assemblyDirectory: string;
+	/**
+	 * The number of stacks actioned on
+	 */
+	readonly stacksCount: number;
+	/**
+	 * The stack IDs
+	 */
+	readonly stackIds: string[];
+}
+/**
+ * Stack data returned in the payload of an IO Message.
+ */
+export interface StackData {
+	/**
+	 * The stack name
+	 */
+	readonly stackName: string;
+	/**
+	 * The stack ID
+	 */
+	readonly hierarchicalId: string;
+	/**
+	 * The stack template
+	 */
+	readonly template: any;
+	/**
+	 * The stack template converted to JSON format
+	 */
+	readonly stringifiedJson: string;
+	/**
+	 * The stack template converted to YAML format
+	 */
+	readonly stringifiedYaml: string;
+}
+/**
+ * Stack data returned in the payload of an IO Message.
+ */
+export interface StackAndAssemblyData extends AssemblyData {
+	/**
+	 * Stack Data
+	 */
+	readonly stack: StackData;
+}
+/**
+ * Duration information returned in the payload of an IO Message.
+ */
+export interface Duration {
+	/**
+	 * The duration of the action.
+	 */
+	readonly duration: number;
+}
+/**
+ * Generic payload of error IoMessages that pass on an instance of `Error`
+ */
+export interface ErrorPayload {
+	/**
+	 * The error that occurred
+	 */
+	readonly error: Error;
+}
+/**
+ * Generic payload of a simple yes/no question.
+ *
+ * The expectation is that 'yes' means moving on,
+ * and 'no' means aborting the current action.
+ */
+export interface ConfirmationRequest {
+	/**
+	 * Some additional motivation for the confirmation that may be used as context for the user.
+	 */
+	readonly motivation: string;
+	/**
+	 * Number of on-going concurrent operations
+	 * If more than one operations is on-going, a client might decide that asking the user
+	 * for input is too complex, as the confirmation might not easily be attributed to a specific request.
+	 *
+	 * @default - no concurrency
+	 */
+	readonly concurrency?: number;
+}
+export interface StackDeployProgress {
+	/**
+	 * The total number of stacks being deployed
+	 */
+	readonly total: number;
+	/**
+	 * The count of the stack currently attempted to be deployed
+	 *
+	 * This is counting value, not an identifier.
+	 */
+	readonly current: number;
+	/**
+	 * The stack that's currently being deployed
+	 */
+	readonly stack: CloudFormationStackArtifact;
+}
+/**
+ * Payload for a yes/no confirmation in deploy. Includes information on
+ * what kind of change is being made.
+ */
+export interface DeployConfirmationRequest extends ConfirmationRequest {
+	/**
+	 * The type of change being made to the IAM permissions.
+	 */
+	readonly permissionChangeType: PermissionChangeType;
+}
+export type DeployStackResult = SuccessfulDeployStackResult | NeedRollbackFirstDeployStackResult | ReplacementRequiresRollbackStackResult;
+/** Successfully deployed a stack */
+export interface SuccessfulDeployStackResult {
+	readonly type: "did-deploy-stack";
+	readonly noOp: boolean;
+	readonly outputs: {
+		[name: string]: string;
+	};
+	readonly stackArn: string;
+}
+/** The stack is currently in a failpaused state, and needs to be rolled back before the deployment */
+export interface NeedRollbackFirstDeployStackResult {
+	readonly type: "failpaused-need-rollback-first";
+	readonly reason: "not-norollback" | "replacement";
+	readonly status: string;
+}
+/** The upcoming change has a replacement, which requires deploying with --rollback */
+export interface ReplacementRequiresRollbackStackResult {
+	readonly type: "replacement-requires-rollback";
+}
+export interface StackDeployProgress {
+	/**
+	 * The total number of stacks being deployed
+	 */
+	readonly total: number;
+	/**
+	 * The count of the stack currently attempted to be deployed
+	 *
+	 * This is counting value, not an identifier.
+	 */
+	readonly current: number;
+	/**
+	 * The stack that's currently being deployed
+	 */
+	readonly stack: CloudFormationStackArtifact;
+}
+/**
+ * Payload for a yes/no confirmation in deploy. Includes information on
+ * what kind of change is being made.
+ */
+export interface DeployConfirmationRequest extends ConfirmationRequest {
+	/**
+	 * The type of change being made to the IAM permissions.
+	 */
+	readonly permissionChangeType: PermissionChangeType;
+}
+export interface BuildAsset {
+	/**
+	 * The asset that is build
+	 */
+	readonly asset: IManifestEntry;
+}
+export interface PublishAsset {
+	/**
+	 * The asset that is published
+	 */
+	readonly asset: IManifestEntry;
+}
+export interface StackDestroy {
+	/**
+	 * The stacks that will be destroyed
+	 */
+	readonly stacks: CloudFormationStackArtifact[];
+}
+export interface StackDestroyProgress {
+	/**
+	 * The total number of stacks being destroyed
+	 */
+	readonly total: number;
+	/**
+	 * The count of the stack currently attempted to be destroyed
+	 *
+	 * This is counting value, not an identifier.
+	 */
+	readonly current: number;
+	/**
+	 * The stack that's currently being destroyed
+	 */
+	readonly stack: CloudFormationStackArtifact;
+}
+/**
+ * The dependencies of a stack.
+ */
+export interface StackDependency {
+	id: string;
+	dependencies: StackDependency[];
+}
+/**
+ * Details of a stack.
+ */
+export interface StackDetails {
+	id: string;
+	name: string;
+	environment: cxapi.Environment;
+	dependencies: StackDependency[];
+}
+export interface StackDetailsPayload {
+	stacks: StackDetails[];
+}
+/**
+ * An SDK logging trace.
+ *
+ * Only info, warn and error level messages are emitted.
+ * SDK traces are emitted as traces to the IoHost, but contain the original SDK logging level.
+ */
+export interface SdkTrace {
+	/**
+	 * The level the SDK has emitted the original message with
+	 */
+	readonly sdkLevel: "info" | "warn" | "error";
+	/**
+	 * The content of the SDK trace
+	 *
+	 * This will include the request and response data for API calls, including potentially sensitive information.
+	 *
+	 * @see https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/logging-sdk-calls.html
+	 */
+	readonly content: any;
+}
+interface MissingContext$1 {
+	missingKeys: string[];
+}
+export interface UpdatedContext {
+	contextFile: string;
+	context: {
+		[key: string]: any;
+	};
+}
+export interface StackRollbackProgress {
+	/**
+	 * The total number of stacks being rolled back
+	 */
+	readonly total: number;
+	/**
+	 * The count of the stack currently attempted to be rolled back
+	 *
+	 * This is counting value, not an identifier.
+	 */
+	readonly current: number;
+	/**
+	 * The stack that's currently being rolled back
+	 */
+	readonly stack: CloudFormationStackArtifact;
+}
+export interface StackProgress {
+	/**
+	 * The total number of progress monitored resources.
+	 */
+	readonly total?: number;
+	/**
+	 * The number of completed resources.
+	 */
+	readonly completed: number;
+	/**
+	 * The current progress as a [34/42] string, or just [34] if the total is unknown.
+	 */
+	readonly formatted: string;
+}
+/**
+ * Payload when stack monitoring is starting or stopping for a given stack deployment.
+ */
+export interface StackMonitoringControlEvent {
+	/**
+	 * A unique identifier for a specific stack deployment.
+	 *
+	 * Use this value to attribute stack activities received for concurrent deployments.
+	 */
+	readonly deployment: string;
+	/**
+	 * The stack artifact that is getting deployed
+	 */
+	readonly stack: CloudFormationStackArtifact;
+	/**
+	 * The name of the Stack that is getting deployed
+	 */
+	readonly stackName: string;
+	/**
+	 * Total number of resources taking part in this deployment
+	 *
+	 * The number might not always be known or accurate.
+	 * Only use for informational purposes and handle the case when it's unavailable.
+	 */
+	readonly resourcesTotal?: number;
+}
+export interface StackActivity {
+	/**
+	 * A unique identifier for a specific stack deployment.
+	 *
+	 * Use this value to attribute stack activities received for concurrent deployments.
+	 */
+	readonly deployment: string;
+	/**
+	 * The Stack Event as received from CloudFormation
+	 */
+	readonly event: StackEvent;
+	/**
+	 * Additional resource metadata
+	 */
+	readonly metadata?: ResourceMetadata;
+	/**
+	 * The stack progress
+	 */
+	readonly progress: StackProgress;
+}
+export interface ResourceMetadata {
+	entry: MetadataEntry;
+	constructPath: string;
+}
+export interface StackSelectionDetails {
+	/**
+	 * The selected stacks, if any
+	 */
+	readonly stacks: StackSelector;
+}
+/**
+ * The computed file watch settings
+ */
+export interface WatchSettings {
+	/**
+	 * The directory observed for file changes
+	 */
+	readonly watchDir: string;
+	/**
+	 * List of include patterns for watching files
+	 */
+	readonly includes: string[];
+	/**
+	 * List of excludes patterns for watching files
+	 */
+	readonly excludes: string[];
+}
+export interface FileWatchEvent {
+	/**
+	 * The change to the path
+	 */
+	readonly event: string;
+	/**
+	 * The path that has an observed event
+	 */
+	readonly path?: string;
+}
+/**
+ * Payload when stack monitoring is starting or stopping for a given stack deployment.
+ */
+export interface CloudWatchLogMonitorControlEvent {
+	/**
+	 * A unique identifier for a monitor
+	 *
+	 * Use this value to attribute events received for concurrent log monitoring.
+	 */
+	readonly monitor: string;
+	/**
+	 * The names of monitored log groups
+	 */
+	readonly logGroupNames: string[];
+}
+/**
+ * Represents a CloudWatch Log Event that will be
+ * printed to the terminal
+ */
+export interface CloudWatchLogEvent {
+	/**
+	 * The log event message
+	 */
+	readonly message: string;
+	/**
+	 * The name of the log group
+	 */
+	readonly logGroupName: string;
+	/**
+	 * The time at which the event occurred
+	 */
+	readonly timestamp: Date;
+}
+/**
+ * Represents a general toolkit error in the AWS CDK Toolkit.
+ */
+export declare class ToolkitError extends Error {
+	/**
+	 * Determines if a given error is an instance of ToolkitError.
+	 */
+	static isToolkitError(x: any): x is ToolkitError;
+	/**
+	 * Determines if a given error is an instance of AuthenticationError.
+	 */
+	static isAuthenticationError(x: any): x is AuthenticationError;
+	/**
+	 * Determines if a given error is an instance of AssemblyError.
+	 */
+	static isAssemblyError(x: any): x is AssemblyError;
+	/**
+	 * Determines if a given error is an instance of AssemblyError.
+	 */
+	static isContextProviderError(x: any): x is ContextProviderError;
+	/**
+	 * The type of the error, defaults to "toolkit".
+	 */
+	readonly type: string;
+	/**
+	 * Denotes the source of the error as the toolkit.
+	 */
+	readonly source: "toolkit" | "user";
+	constructor(message: string, type?: string);
+}
+/**
+ * Represents an authentication-specific error in the AWS CDK Toolkit.
+ */
+export declare class AuthenticationError extends ToolkitError {
+	/**
+	 * Denotes the source of the error as user.
+	 */
+	readonly source = "user";
+	constructor(message: string);
+}
+/**
+ * Represents an error causes by cloud assembly synthesis
+ *
+ * This includes errors thrown during app execution, as well as failing annotations.
+ */
+export declare class AssemblyError extends ToolkitError {
+	/**
+	 * An AssemblyError with an original error as cause
+	 */
+	static withCause(message: string, error: unknown): AssemblyError;
+	/**
+	 * An AssemblyError with a list of stacks as cause
+	 */
+	static withStacks(message: string, stacks?: cxapi.CloudFormationStackArtifact[]): AssemblyError;
+	/**
+	 * Denotes the source of the error as user.
+	 */
+	readonly source = "user";
+	/**
+	 * The stacks that caused the error, if available
+	 *
+	 * The `messages` property of each `cxapi.CloudFormationStackArtifact` will contain the respective errors.
+	 * Absence indicates synthesis didn't fully complete.
+	 */
+	readonly stacks?: cxapi.CloudFormationStackArtifact[];
+	/**
+	 * The specific original cause of the error, if available
+	 */
+	readonly cause?: unknown;
+	private constructor();
+}
+/**
+ * Represents an error originating from a Context Provider
+ */
+export declare class ContextProviderError extends ToolkitError {
+	/**
+	 * Denotes the source of the error as user.
+	 */
+	readonly source = "user";
+	constructor(message: string);
+}
+
+export {
+	MissingContext$1 as MissingContext,
+};
 
 export {};