@propulsionworks/cloudformation 0.1.35 → 0.1.37

package/out/exports/resources.generated/aws-qbusiness-application.d.ts

@@ -53,7 +53,7 @@ export type QBusinessApplicationProps = {
      */
     DisplayName: string;
     /**
-     * Provides the identifier of the AWS KMS key used to encrypt data indexed by Amazon Q Business. Amazon Q Business doesn't support asymmetric keys.
+     * Provides the identifier of the AWS  key used to encrypt data indexed by Amazon Q Business. Amazon Q Business doesn't support asymmetric keys.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-application.html#cfn-qbusiness-application-encryptionconfiguration}
      */
     EncryptionConfiguration?: EncryptionConfiguration | undefined;
@@ -195,12 +195,12 @@ export type AutoSubscriptionConfiguration = {
  */
 export type AutoSubscriptionStatus = "ENABLED" | "DISABLED";
 /**
- * Provides the identifier of the AWS KMS key used to encrypt data indexed by Amazon Q Business. Amazon Q Business doesn't support asymmetric keys.
+ * Provides the identifier of the AWS  key used to encrypt data indexed by Amazon Q Business. Amazon Q Business doesn't support asymmetric keys.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-qbusiness-application-encryptionconfiguration.html}
  */
 export type EncryptionConfiguration = {
     /**
-     * The identifier of the AWS KMS key. Amazon Q Business doesn't support asymmetric keys.
+     * The identifier of the AWS  key. Amazon Q Business doesn't support asymmetric keys.
      * @minLength 1
      * @maxLength 2048
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-qbusiness-application-encryptionconfiguration.html#cfn-qbusiness-application-encryptionconfiguration-kmskeyid}

package/out/exports/resources.generated/aws-qbusiness-datasource.d.ts

@@ -32,7 +32,7 @@ export type QBusinessDataSourceProps = {
      * Similarly, you can find configuration templates and properties for your specific data source using the following steps:
      *
      * - Navigate to the [Supported connectors](https://docs.aws.amazon.com/amazonq/latest/business-use-dg/connectors-list.html) page in the Amazon Q Business User Guide, and select the data source connector of your choice.
-     * - Then, from that specific data source connector's page, choose the topic containing *Using AWS CloudFormation* to find the schemas for your data source connector, including configuration parameter descriptions and examples.
+     * - Then, from that specific data source connector's page, choose the topic containing *Using CloudFormation* to find the schemas for your data source connector, including configuration parameter descriptions and examples.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html#cfn-qbusiness-datasource-configuration}
      */
     Configuration: unknown;

package/out/exports/resources.generated/aws-qbusiness-webexperience.d.ts

@@ -209,7 +209,7 @@ export type OpenIDConnectProviderConfiguration = {
      */
     SecretsArn: string;
     /**
-     * An IAM role with permissions to access AWS KMS to decrypt the Secrets Manager secret containing your OIDC client secret.
+     * An IAM role with permissions to access AWS  to decrypt the Secrets Manager secret containing your OIDC client secret.
      * @minLength 0
      * @maxLength 1284
      * @pattern ^arn:[a-z0-9-\.]{1,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[^/].{0,1023}$

package/out/exports/resources.generated/aws-qldb-ledger.d.ts

@@ -21,11 +21,11 @@ export type QLDBLedgerProps = {
      */
     DeletionProtection?: boolean | undefined;
     /**
-     * The key in AWS Key Management Service ( AWS KMS ) to use for encryption of data at rest in the ledger. For more information, see [Encryption at rest](https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html) in the *Amazon QLDB Developer Guide* .
+     * The key in AWS Key Management Service ( AWS  ) to use for encryption of data at rest in the ledger. For more information, see [Encryption at rest](https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html) in the *Amazon QLDB Developer Guide* .
      *
      * Use one of the following options to specify this parameter:
      *
-     * - `AWS_OWNED_KMS_KEY` : Use an AWS KMS key that is owned and managed by AWS on your behalf.
+     * - `AWS_OWNED_KMS_KEY` : Use an AWS  key that is owned and managed by AWS on your behalf.
      * - *Undefined* : By default, use an AWS owned KMS key.
      * - *A valid symmetric customer managed KMS key* : Use the specified symmetric encryption KMS key in your account that you create, own, and manage.
      *

package/out/exports/resources.generated/aws-rbin-rule.d.ts

@@ -47,10 +47,14 @@ export type RbinRuleProps = {
      */
     ResourceTags?: ResourceTag[] | undefined;
     /**
-     * The resource type to be retained by the retention rule. Currently, only Amazon EBS snapshots and EBS-backed AMIs are supported. To retain snapshots, specify `EBS_SNAPSHOT` . To retain EBS-backed AMIs, specify `EC2_IMAGE` .
+     * The resource type to be retained by the retention rule. Currently, only EBS volumes, EBS snapshots, and EBS-backed AMIs are supported.
+     *
+     * - To retain EBS volumes, specify `EBS_VOLUME` .
+     * - To retain EBS snapshots, specify `EBS_SNAPSHOT`
+     * - To retain EBS-backed AMIs, specify `EC2_IMAGE` .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rbin-rule.html#cfn-rbin-rule-resourcetype}
      */
-    ResourceType: "EBS_SNAPSHOT" | "EC2_IMAGE";
+    ResourceType: "EBS_SNAPSHOT" | "EC2_IMAGE" | "EBS_VOLUME";
     /**
      * Information about the retention period for which the retention rule is to retain resources.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rbin-rule.html#cfn-rbin-rule-retentionperiod}
@@ -128,7 +132,10 @@ export type RetentionPeriod = {
      */
     RetentionPeriodUnit: "DAYS";
     /**
-     * The period value for which the retention rule is to retain resources. The period is measured using the unit specified for *RetentionPeriodUnit* .
+     * The period value for which the retention rule is to retain resources, measured in days. The supported retention periods are:
+     *
+     * - EBS volumes: 1 - 7 days
+     * - EBS snapshots and EBS-backed AMIs: 1 - 365 days
      * @min 1
      * @max 3650
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rbin-rule-retentionperiod.html#cfn-rbin-rule-retentionperiod-retentionperiodvalue}
@@ -141,7 +148,7 @@ export type RetentionPeriod = {
  */
 export type UnlockDelay = {
     /**
-     * The unit of time in which to measure the unlock delay. Currently, the unlock delay can be measure only in days.
+     * The unit of time in which to measure the unlock delay. Currently, the unlock delay can be measured only in days.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rbin-rule-unlockdelay.html#cfn-rbin-rule-unlockdelay-unlockdelayunit}
      */
     UnlockDelayUnit?: "DAYS" | undefined;

package/out/exports/resources.generated/aws-refactorspaces-application.d.ts

@@ -62,7 +62,7 @@ export type RefactorSpacesApplicationProps = {
  */
 export type RefactorSpacesApplicationAttribs = {
     /**
-     * The resource ID of the API Gateway for the proxy.
+     * The resource ID of the ABP for the proxy.
      * @minLength 10
      * @maxLength 10
      * @pattern ^[a-z0-9]{10}$
@@ -102,7 +102,7 @@ export type RefactorSpacesApplicationAttribs = {
      */
     NlbName: string;
     /**
-     * The endpoint URL of the Amazon API Gateway proxy.
+     * The endpoint URL of the ABPlong proxy.
      * @minLength 1
      * @maxLength 2048
      * @pattern ^http://[-a-zA-Z0-9+\x38@#/%?=~_|!:,.;]*[-a-zA-Z0-9+\x38@#/%=~_|]$
@@ -110,7 +110,7 @@ export type RefactorSpacesApplicationAttribs = {
      */
     ProxyUrl: string;
     /**
-     * The name of the API Gateway stage. The name defaults to `prod` .
+     * The name of the ABP stage. The name defaults to `prod` .
      * @minLength 1
      * @maxLength 128
      * @pattern ^[-a-zA-Z0-9_]*$
@@ -118,7 +118,7 @@ export type RefactorSpacesApplicationAttribs = {
      */
     StageName: string;
     /**
-     * The `VpcLink` ID of the API Gateway proxy.
+     * The `VpcLink` ID of the ABP proxy.
      * @minLength 10
      * @maxLength 10
      * @pattern ^[a-z0-9]{10}$

package/out/exports/resources.generated/aws-refactorspaces-route.d.ts

@@ -6,11 +6,11 @@ import type { ResourceDefinitionWithAttributes, Tag } from "../main.ts";
  *
  * > In the `AWS::RefactorSpaces::Route` resource, you can only update the `ActivationState` property, which resides under the `UriPathRoute` and `DefaultRoute` properties. All other properties associated with the `AWS::RefactorSpaces::Route` cannot be updated, even though the property description might indicate otherwise. Updating all other properties will result in the replacement of Route.
  *
- * When you create a route, Refactor Spaces configures the Amazon API Gateway to send traffic to the target service as follows:
+ * When you create a route, Refactor Spaces configures the ABPlong to send traffic to the target service as follows:
  *
  * - *URL Endpoints*
  *
- * If the service has a URL endpoint, and the endpoint resolves to a private IP address, Refactor Spaces routes traffic using the API Gateway VPC link. If a service endpoint resolves to a public IP address, Refactor Spaces routes traffic over the public internet. Services can have HTTP or HTTPS URL endpoints. For HTTPS URLs, publicly-signed certificates are supported. Private Certificate Authorities (CAs) are permitted only if the CA's domain is also publicly resolvable.
+ * If the service has a URL endpoint, and the endpoint resolves to a private IP address, Refactor Spaces routes traffic using the ABP VPC link. If a service endpoint resolves to a public IP address, Refactor Spaces routes traffic over the public internet. Services can have HTTP or HTTPS URL endpoints. For HTTPS URLs, publicly-signed certificates are supported. Private Certificate Authorities (CAs) are permitted only if the CA's domain is also publicly resolvable.
  *
  * Refactor Spaces automatically resolves the public Domain Name System (DNS) names that are set in `CreateService:UrlEndpoint` when you create a service. The DNS names resolve when the DNS time-to-live (TTL) expires, or every 60 seconds for TTLs less than 60 seconds. This periodic DNS resolution ensures that the route configuration remains up-to-date.
  *
@@ -18,10 +18,10 @@ import type { ResourceDefinitionWithAttributes, Tag } from "../main.ts";
  *
  * A one-time health check is performed on the service when either the route is updated from inactive to active, or when it is created with an active state. If the health check fails, the route transitions the route state to `FAILED` , an error code of `SERVICE_ENDPOINT_HEALTH_CHECK_FAILURE` is provided, and no traffic is sent to the service.
  *
- * For private URLs, a target group is created on the Network Load Balancer and the load balancer target group runs default target health checks. By default, the health check is run against the service endpoint URL. Optionally, the health check can be performed against a different protocol, port, and/or path using the [CreateService:UrlEndpoint](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/APIReference/API_CreateService.html#migrationhubrefactorspaces-CreateService-request-UrlEndpoint) parameter. All other health check settings for the load balancer use the default values described in the [Health checks for your target groups](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html) in the *Elastic Load Balancing guide* . The health check is considered successful if at least one target within the target group transitions to a healthy state.
+ * For private URLs, a target group is created on the Network Load Balancer and the load balancer target group runs default target health checks. By default, the health check is run against the service endpoint URL. Optionally, the health check can be performed against a different protocol, port, and/or path using the [CreateService:UrlEndpoint](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/APIReference/API_CreateService.html#migrationhubrefactorspaces-CreateService-request-UrlEndpoint) parameter. All other health check settings for the load balancer use the default values described in the [Health checks for your target groups](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html) in the *ELB guide* . The health check is considered successful if at least one target within the target group transitions to a healthy state.
  * - *AWS Lambda function endpoints*
  *
- * If the service has an AWS Lambda function endpoint, then Refactor Spaces configures the Lambda function's resource policy to allow the application's API Gateway to invoke the function.
+ * If the service has an AWS Lambda function endpoint, then Refactor Spaces configures the Lambda function's resource policy to allow the application's ABP to invoke the function.
  *
  * The Lambda function state is checked. If the function is not active, the function configuration is updated so that Lambda resources are provisioned. If the Lambda state is `Failed` , then the route creation fails. For more information, see the [GetFunctionConfiguration's State response parameter](https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionConfiguration.html#SSS-GetFunctionConfiguration-response-State) in the *AWS Lambda Developer Guide* .
  *
@@ -40,11 +40,11 @@ export type RefactorSpacesRoute = ResourceDefinitionWithAttributes<"AWS::Refacto
  *
  * > In the `AWS::RefactorSpaces::Route` resource, you can only update the `ActivationState` property, which resides under the `UriPathRoute` and `DefaultRoute` properties. All other properties associated with the `AWS::RefactorSpaces::Route` cannot be updated, even though the property description might indicate otherwise. Updating all other properties will result in the replacement of Route.
  *
- * When you create a route, Refactor Spaces configures the Amazon API Gateway to send traffic to the target service as follows:
+ * When you create a route, Refactor Spaces configures the ABPlong to send traffic to the target service as follows:
  *
  * - *URL Endpoints*
  *
- * If the service has a URL endpoint, and the endpoint resolves to a private IP address, Refactor Spaces routes traffic using the API Gateway VPC link. If a service endpoint resolves to a public IP address, Refactor Spaces routes traffic over the public internet. Services can have HTTP or HTTPS URL endpoints. For HTTPS URLs, publicly-signed certificates are supported. Private Certificate Authorities (CAs) are permitted only if the CA's domain is also publicly resolvable.
+ * If the service has a URL endpoint, and the endpoint resolves to a private IP address, Refactor Spaces routes traffic using the ABP VPC link. If a service endpoint resolves to a public IP address, Refactor Spaces routes traffic over the public internet. Services can have HTTP or HTTPS URL endpoints. For HTTPS URLs, publicly-signed certificates are supported. Private Certificate Authorities (CAs) are permitted only if the CA's domain is also publicly resolvable.
  *
  * Refactor Spaces automatically resolves the public Domain Name System (DNS) names that are set in `CreateService:UrlEndpoint` when you create a service. The DNS names resolve when the DNS time-to-live (TTL) expires, or every 60 seconds for TTLs less than 60 seconds. This periodic DNS resolution ensures that the route configuration remains up-to-date.
  *
@@ -52,10 +52,10 @@ export type RefactorSpacesRoute = ResourceDefinitionWithAttributes<"AWS::Refacto
  *
  * A one-time health check is performed on the service when either the route is updated from inactive to active, or when it is created with an active state. If the health check fails, the route transitions the route state to `FAILED` , an error code of `SERVICE_ENDPOINT_HEALTH_CHECK_FAILURE` is provided, and no traffic is sent to the service.
  *
- * For private URLs, a target group is created on the Network Load Balancer and the load balancer target group runs default target health checks. By default, the health check is run against the service endpoint URL. Optionally, the health check can be performed against a different protocol, port, and/or path using the [CreateService:UrlEndpoint](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/APIReference/API_CreateService.html#migrationhubrefactorspaces-CreateService-request-UrlEndpoint) parameter. All other health check settings for the load balancer use the default values described in the [Health checks for your target groups](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html) in the *Elastic Load Balancing guide* . The health check is considered successful if at least one target within the target group transitions to a healthy state.
+ * For private URLs, a target group is created on the Network Load Balancer and the load balancer target group runs default target health checks. By default, the health check is run against the service endpoint URL. Optionally, the health check can be performed against a different protocol, port, and/or path using the [CreateService:UrlEndpoint](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/APIReference/API_CreateService.html#migrationhubrefactorspaces-CreateService-request-UrlEndpoint) parameter. All other health check settings for the load balancer use the default values described in the [Health checks for your target groups](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html) in the *ELB guide* . The health check is considered successful if at least one target within the target group transitions to a healthy state.
  * - *AWS Lambda function endpoints*
  *
- * If the service has an AWS Lambda function endpoint, then Refactor Spaces configures the Lambda function's resource policy to allow the application's API Gateway to invoke the function.
+ * If the service has an AWS Lambda function endpoint, then Refactor Spaces configures the Lambda function's resource policy to allow the application's ABP to invoke the function.
  *
  * The Lambda function state is checked. If the function is not active, the function configuration is updated so that Lambda resources are provisioned. If the Lambda state is `Failed` , then the route creation fails. For more information, see the [GetFunctionConfiguration's State response parameter](https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionConfiguration.html#SSS-GetFunctionConfiguration-response-State) in the *AWS Lambda Developer Guide* .
  *
@@ -125,7 +125,7 @@ export type RefactorSpacesRouteAttribs = {
      */
     Arn: string;
     /**
-     * A mapping of Amazon API Gateway path resources to resource IDs.
+     * A mapping of ABPlong path resources to resource IDs.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-refactorspaces-route.html#cfn-refactorspaces-route-pathresourcetoid}
      */
     PathResourceToId: string;

package/out/exports/resources.generated/aws-resiliencehub-app.d.ts

@@ -371,7 +371,7 @@ export type ResourceMapping = {
      */
     EksSourceName?: string | undefined;
     /**
-     * Name of the AWS CloudFormation stack this resource is mapped to when the `mappingType` is `CfnStack` .
+     * Name of the CloudFormation stack this resource is mapped to when the `mappingType` is `CfnStack` .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resiliencehub-app-resourcemapping.html#cfn-resiliencehub-app-resourcemapping-logicalstackname}
      */
     LogicalStackName?: string | undefined;

package/out/exports/resources.generated/aws-route53-keysigningkey.d.ts

@@ -16,7 +16,7 @@ export type Route53KeySigningKeyProps = {
      */
     HostedZoneId: string;
     /**
-     * The Amazon resource name (ARN) for a customer managed customer master key (CMK) in AWS Key Management Service ( AWS KMS ). The `KeyManagementServiceArn` must be unique for each key-signing key (KSK) in a single hosted zone. For example: `arn:aws:kms:us-east-1:111122223333:key/111a2222-a11b-1ab1-2ab2-1ab21a2b3a111` .
+     * The Amazon resource name (ARN) for a customer managed customer master key (CMK) in AWS Key Management Service ( AWS  ). The `KeyManagementServiceArn` must be unique for each key-signing key (KSK) in a single hosted zone. For example: `arn:aws:kms:us-east-1:111122223333:key/111a2222-a11b-1ab1-2ab2-1ab21a2b3a111` .
      * @minLength 1
      * @maxLength 256
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-keysigningkey.html#cfn-route53-keysigningkey-keymanagementservicearn}

package/out/exports/resources.generated/aws-rtbfabric-outboundexternallink.d.ts

@@ -0,0 +1,128 @@
+import type { ResourceDefinitionWithAttributes, Tag } from "../main.ts";
+/**
+ * Resource Type definition for AWS::RTBFabric::OutboundExternalLink Resource Type
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rtbfabric-outboundexternallink.html}
+ */
+export type RTBFabricOutboundExternalLink = ResourceDefinitionWithAttributes<"AWS::RTBFabric::OutboundExternalLink", RTBFabricOutboundExternalLinkProps, RTBFabricOutboundExternalLinkAttribs>;
+/**
+ * Resource Type definition for AWS::RTBFabric::OutboundExternalLink Resource Type
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rtbfabric-outboundexternallink.html}
+ */
+export type RTBFabricOutboundExternalLinkProps = {
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rtbfabric-outboundexternallink.html#cfn-rtbfabric-outboundexternallink-gatewayid}
+     */
+    GatewayId: string;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rtbfabric-outboundexternallink.html#cfn-rtbfabric-outboundexternallink-linkattributes}
+     */
+    LinkAttributes?: LinkAttributes | undefined;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rtbfabric-outboundexternallink.html#cfn-rtbfabric-outboundexternallink-linklogsettings}
+     */
+    LinkLogSettings: LinkLogSettings;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rtbfabric-outboundexternallink.html#cfn-rtbfabric-outboundexternallink-publicendpoint}
+     */
+    PublicEndpoint: string;
+    /**
+     * Tags to assign to the Link.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rtbfabric-outboundexternallink.html#cfn-rtbfabric-outboundexternallink-tags}
+     */
+    Tags?: Tag[] | undefined;
+};
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rtbfabric-outboundexternallink.html#aws-resource-rtbfabric-outboundexternallink-return-values}
+ */
+export type RTBFabricOutboundExternalLinkAttribs = {
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rtbfabric-outboundexternallink.html#cfn-rtbfabric-outboundexternallink-arn}
+     */
+    Arn: string;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rtbfabric-outboundexternallink.html#cfn-rtbfabric-outboundexternallink-createdtimestamp}
+     */
+    CreatedTimestamp: string;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rtbfabric-outboundexternallink.html#cfn-rtbfabric-outboundexternallink-linkid}
+     */
+    LinkId: string;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rtbfabric-outboundexternallink.html#cfn-rtbfabric-outboundexternallink-linkstatus}
+     */
+    LinkStatus: LinkStatus;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rtbfabric-outboundexternallink.html#cfn-rtbfabric-outboundexternallink-updatedtimestamp}
+     */
+    UpdatedTimestamp: string;
+};
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rtbfabric-outboundexternallink-linkattributes.html}
+ */
+export type LinkAttributes = {
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rtbfabric-outboundexternallink-linkattributes.html#cfn-rtbfabric-outboundexternallink-linkattributes-customerprovidedid}
+     */
+    CustomerProvidedId?: string | undefined;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rtbfabric-outboundexternallink-linkattributes.html#cfn-rtbfabric-outboundexternallink-linkattributes-respondererrormasking}
+     */
+    ResponderErrorMasking?: ResponderErrorMaskingForHttpCode[] | undefined;
+};
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rtbfabric-outboundexternallink-linklogsettings.html}
+ */
+export type LinkLogSettings = {
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rtbfabric-outboundexternallink-linklogsettings.html#cfn-rtbfabric-outboundexternallink-linklogsettings-applicationlogs}
+     */
+    ApplicationLogs: {
+        LinkApplicationLogSampling: {
+            /**
+             * @min 0
+             * @max 100
+             */
+            ErrorLog: number;
+            /**
+             * @min 0
+             * @max 100
+             */
+            FilterLog: number;
+        };
+    };
+};
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rtbfabric-outboundexternallink-linkstatus.html}
+ */
+export type LinkStatus = "PENDING_CREATION" | "PENDING_REQUEST" | "REQUESTED" | "ACCEPTED" | "ACTIVE" | "REJECTED" | "FAILED" | "PENDING_DELETION" | "DELETED" | "PENDING_UPDATE" | "PENDING_ISOLATION" | "ISOLATED" | "PENDING_RESTORATION" | "UNKNOWN_TO_SDK_VERSION";
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rtbfabric-outboundexternallink-respondererrormaskingforhttpcode.html}
+ */
+export type ResponderErrorMaskingForHttpCode = {
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rtbfabric-outboundexternallink-respondererrormaskingforhttpcode.html#cfn-rtbfabric-outboundexternallink-respondererrormaskingforhttpcode-action}
+     */
+    Action: "NO_BID" | "PASSTHROUGH";
+    /**
+     * @minLength 3
+     * @maxLength 7
+     * @pattern ^DEFAULT|4XX|5XX|\d{3}$
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rtbfabric-outboundexternallink-respondererrormaskingforhttpcode.html#cfn-rtbfabric-outboundexternallink-respondererrormaskingforhttpcode-httpcode}
+     */
+    HttpCode: string;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rtbfabric-outboundexternallink-respondererrormaskingforhttpcode.html#cfn-rtbfabric-outboundexternallink-respondererrormaskingforhttpcode-loggingtypes}
+     */
+    LoggingTypes: ResponderErrorMaskingLoggingType[];
+    /**
+     * @min 0
+     * @max 100
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rtbfabric-outboundexternallink-respondererrormaskingforhttpcode.html#cfn-rtbfabric-outboundexternallink-respondererrormaskingforhttpcode-responseloggingpercentage}
+     */
+    ResponseLoggingPercentage?: number | undefined;
+};
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rtbfabric-outboundexternallink-respondererrormaskingloggingtype.html}
+ */
+export type ResponderErrorMaskingLoggingType = "NONE" | "METRIC" | "RESPONSE";
+//# sourceMappingURL=aws-rtbfabric-outboundexternallink.d.ts.map

package/out/exports/resources.generated/aws-rum-appmonitor.d.ts

@@ -44,7 +44,7 @@ export type RUMAppMonitorProps = {
      * @pattern ^(localhost)|^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(?![-.])([A-Za-z0-9-\.\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))|^(\*\.)(?![-.])([A-Za-z0-9-\.\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rum-appmonitor.html#cfn-rum-appmonitor-domain}
      */
-    Domain: string;
+    Domain?: string | undefined;
     /**
      * List the domain names for which your application has administrative authority. This parameter or the `Domain` parameter is required.
      *
@@ -61,71 +61,9 @@ export type RUMAppMonitorProps = {
      */
     Name: string;
     /**
-     * Use this structure to assign a resource-based policy to a CloudWatch RUM app monitor to control access to it. Each app monitor can have one resource-based policy. The maximum size of the policy is 4 KB. To learn more about using resource policies with RUM, see [Using resource-based policies with CloudWatch RUM](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-RUM-resource-policies.html) .
-     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rum-appmonitor.html#cfn-rum-appmonitor-resourcepolicy}
-     */
-    ResourcePolicy?: ResourcePolicy | undefined;
-    /**
-     * Assigns one or more tags (key-value pairs) to the app monitor.
-     *
-     * Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.
-     *
-     * Tags don't have any semantic meaning to AWS and are interpreted strictly as strings of characters.
-     *
-     * You can associate as many as 50 tags with an app monitor.
-     *
-     * For more information, see [Tagging AWS resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) .
-     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rum-appmonitor.html#cfn-rum-appmonitor-tags}
-     */
-    Tags?: Tag[] | undefined;
-} | {
-    /**
-     * A structure that contains much of the configuration data for the app monitor. If you are using Amazon Cognito for authorization, you must include this structure in your request, and it must include the ID of the Amazon Cognito identity pool to use for authorization. If you don't include `AppMonitorConfiguration` , you must set up your own authorization method. For more information, see [Authorize your application to send data to AWS](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-RUM-get-started-authorization.html) .
-     *
-     * If you omit this argument, the sample rate used for CloudWatch RUM is set to 10% of the user sessions.
-     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rum-appmonitor.html#cfn-rum-appmonitor-appmonitorconfiguration}
-     */
-    AppMonitorConfiguration?: AppMonitorConfiguration | undefined;
-    /**
-     * Specifies whether this app monitor allows the web client to define and send custom events. If you omit this parameter, custom events are `DISABLED` .
-     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rum-appmonitor.html#cfn-rum-appmonitor-customevents}
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rum-appmonitor.html#cfn-rum-appmonitor-platform}
      */
-    CustomEvents?: CustomEvents | undefined;
-    /**
-     * Data collected by CloudWatch RUM is kept by RUM for 30 days and then deleted. This parameter specifies whether CloudWatch RUM sends a copy of this telemetry data to Amazon CloudWatch Logs in your account. This enables you to keep the telemetry data for more than 30 days, but it does incur Amazon CloudWatch Logs charges.
-     *
-     * If you omit this parameter, the default is `false` .
-     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rum-appmonitor.html#cfn-rum-appmonitor-cwlogenabled}
-     */
-    CwLogEnabled?: boolean | undefined;
-    /**
-     * A structure that contains the configuration for how an app monitor can deobfuscate stack traces.
-     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rum-appmonitor.html#cfn-rum-appmonitor-deobfuscationconfiguration}
-     */
-    DeobfuscationConfiguration?: DeobfuscationConfiguration | undefined;
-    /**
-     * The top-level internet domain name for which your application has administrative authority. This parameter or the `DomainList` parameter is required.
-     * @minLength 1
-     * @maxLength 253
-     * @pattern ^(localhost)|^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(?![-.])([A-Za-z0-9-\.\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))|^(\*\.)(?![-.])([A-Za-z0-9-\.\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))
-     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rum-appmonitor.html#cfn-rum-appmonitor-domain}
-     */
-    Domain?: string | undefined;
-    /**
-     * List the domain names for which your application has administrative authority. This parameter or the `Domain` parameter is required.
-     *
-     * You can have a minimum of 1 and a maximum of 5 `Domain` under `DomainList` . Each `Domain` must be a minimum length of 1 and a maximum of 253 characters.
-     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rum-appmonitor.html#cfn-rum-appmonitor-domainlist}
-     */
-    DomainList: string[];
-    /**
-     * A name for the app monitor. This parameter is required.
-     * @minLength 1
-     * @maxLength 255
-     * @pattern [\.\-_/#A-Za-z0-9]+
-     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rum-appmonitor.html#cfn-rum-appmonitor-name}
-     */
-    Name: string;
+    Platform?: "Web" | "Android" | "iOS" | undefined;
     /**
      * Use this structure to assign a resource-based policy to a CloudWatch RUM app monitor to control access to it. Each app monitor can have one resource-based policy. The maximum size of the policy is 4 KB. To learn more about using resource policies with RUM, see [Using resource-based policies with CloudWatch RUM](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-RUM-resource-policies.html) .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rum-appmonitor.html#cfn-rum-appmonitor-resourcepolicy}

package/out/exports/resources.generated/aws-s3-accesspoint.d.ts

@@ -87,7 +87,7 @@ export type S3AccessPointAttribs = {
     NetworkOrigin: "Internet" | "VPC";
 };
 /**
- * The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
+ * The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Bucket-level settings work alongside account-level settings (which may inherit from organization-level policies). For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html}
  */
 export type PublicAccessBlockConfiguration = {

package/out/exports/resources.generated/aws-s3-bucket.d.ts

@@ -17,6 +17,11 @@ export type S3Bucket = ResourceDefinitionWithAttributes<"AWS::S3::Bucket", S3Buc
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html}
  */
 export type S3BucketProps = {
+    /**
+     * The ABAC status of the general purpose bucket. When ABAC is enabled for the general purpose bucket, you can use tags to manage access to the general purpose buckets as well as for cost tracking purposes. When ABAC is disabled for the general purpose buckets, you can only use tags for cost tracking purposes. For more information, see [Using tags with S3 general purpose buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging.html) .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-abacstatus}
+     */
+    AbacStatus?: "Enabled" | "Disabled" | undefined;
     /**
      * Configures the transfer acceleration state for an Amazon S3 bucket. For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide* .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-accelerateconfiguration}
@@ -289,6 +294,29 @@ export type AnalyticsConfiguration = {
      */
     TagFilters?: TagFilter[] | undefined;
 };
+/**
+ * A bucket-level setting for Amazon S3 general purpose buckets used to prevent the upload of new objects encrypted with the specified server-side encryption type. For example, blocking an encryption type will block `PutObject` , `CopyObject` , `PostObject` , multipart upload, and replication requests to the bucket for objects with the specified encryption type. However, you can continue to read and list any pre-existing objects already encrypted with the specified encryption type. For more information, see [Blocking or unblocking SSE-C for a general purpose bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/blocking-unblocking-s3-c-encryption-gpb.html) .
+ *
+ * This data type is used with the following actions:
+ *
+ * - [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html)
+ * - [GetBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
+ * - [DeleteBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
+ *
+ * - **Permissions** - You must have the `s3:PutEncryptionConfiguration` permission to block or unblock an encryption type for a bucket.
+ *
+ * You must have the `s3:GetEncryptionConfiguration` permission to view a bucket's encryption type.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-blockedencryptiontypes.html}
+ */
+export type BlockedEncryptionTypes = {
+    /**
+     * The object encryption type that you want to block or unblock for an Amazon S3 general purpose bucket.
+     *
+     * > Currently, this parameter only supports blocking or unblocking server side encryption with customer-provided keys (SSE-C). For more information about SSE-C, see [Using server-side encryption with customer-provided keys (SSE-C)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-blockedencryptiontypes.html#cfn-s3-bucket-blockedencryptiontypes-encryptiontype}
+     */
+    EncryptionType?: ("NONE" | "SSE-C")[] | undefined;
+};
 /**
  * Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS). For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide* .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-bucketencryption.html}
@@ -439,7 +467,7 @@ export type Destination = {
 /**
  * Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects.
  *
- * > If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
+ * > If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS  resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-encryptionconfiguration.html}
  */
 export type EncryptionConfiguration = {
@@ -692,12 +720,12 @@ export type MetadataTableConfiguration = {
  */
 export type MetadataTableEncryptionConfiguration = {
     /**
-     * If server-side encryption with AWS Key Management Service ( AWS KMS ) keys (SSE-KMS) is specified, you must also specify the KMS key Amazon Resource Name (ARN). You must specify a customer-managed KMS key that's located in the same Region as the general purpose bucket that corresponds to the metadata table configuration.
+     * If server-side encryption with AWS Key Management Service ( AWS  ) keys (SSE-KMS) is specified, you must also specify the KMS key Amazon Resource Name (ARN). You must specify a customer-managed KMS key that's located in the same Region as the general purpose bucket that corresponds to the metadata table configuration.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metadatatableencryptionconfiguration.html#cfn-s3-bucket-metadatatableencryptionconfiguration-kmskeyarn}
      */
     KmsKeyArn?: string | undefined;
     /**
-     * The encryption type specified for a metadata table. To specify server-side encryption with AWS Key Management Service ( AWS KMS ) keys (SSE-KMS), use the `aws:kms` value. To specify server-side encryption with Amazon S3 managed keys (SSE-S3), use the `AES256` value.
+     * The encryption type specified for a metadata table. To specify server-side encryption with AWS Key Management Service ( AWS  ) keys (SSE-KMS), use the `aws:kms` value. To specify server-side encryption with Amazon S3 managed keys (SSE-S3), use the `AES256` value.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metadatatableencryptionconfiguration.html#cfn-s3-bucket-metadatatableencryptionconfiguration-ssealgorithm}
      */
     SseAlgorithm: "aws:kms" | "AES256";
@@ -899,7 +927,7 @@ export type PartitionedPrefix = {
     PartitionDateSource?: "EventTime" | "DeliveryTime" | undefined;
 };
 /**
- * The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
+ * The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Bucket-level settings work alongside account-level settings (which may inherit from organization-level policies). For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html}
  */
 export type PublicAccessBlockConfiguration = {
@@ -1419,8 +1447,8 @@ export type ServerSideEncryptionByDefault = {
      *
      * If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy) .
      *
-     * > - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.
-     * > - *Directory buckets* - When you specify an [AWS KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. > Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in AWS KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* .
+     * > - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS  resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.
+     * > - *Directory buckets* - When you specify an [AWS  customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. > Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in AWS KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html#cfn-s3-bucket-serversideencryptionbydefault-kmsmasterkeyid}
      */
     KMSMasterKeyID?: string | undefined;
@@ -1435,11 +1463,18 @@ export type ServerSideEncryptionByDefault = {
 /**
  * Specifies the default server-side encryption configuration.
  *
- * > - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
- * > - *Directory buckets* - When you specify an [AWS KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
+ * > - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS  resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
+ * > - *Directory buckets* - When you specify an [AWS  customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html}
  */
 export type ServerSideEncryptionRule = {
+    /**
+     * A bucket-level setting for Amazon S3 general purpose buckets used to prevent the upload of new objects encrypted with the specified server-side encryption type. For example, blocking an encryption type will block `PutObject` , `CopyObject` , `PostObject` , multipart upload, and replication requests to the bucket for objects with the specified encryption type. However, you can continue to read and list any pre-existing objects already encrypted with the specified encryption type. For more information, see [Blocking or unblocking SSE-C for a general purpose bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/blocking-unblocking-s3-c-encryption-gpb.html) .
+     *
+     * > Currently, this parameter only supports blocking or unblocking server-side encryption with customer-provided keys (SSE-C). For more information about SSE-C, see [Using server-side encryption with customer-provided keys (SSE-C)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html#cfn-s3-bucket-serversideencryptionrule-blockedencryptiontypes}
+     */
+    BlockedEncryptionTypes?: BlockedEncryptionTypes | undefined;
     /**
      * Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the `BucketKeyEnabled` element to `true` causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled.
      *

package/out/exports/resources.generated/aws-s3-storagelens.d.ts

@@ -286,7 +286,7 @@ export type S3BucketDestination = {
  */
 export type SSEKMS = {
     /**
-     * Specifies the Amazon Resource Name (ARN) of the customer managed AWS KMS key to use for encrypting the S3 Storage Lens metrics export file. Amazon S3 only supports symmetric encryption keys. For more information, see [Special-purpose keys](https://docs.aws.amazon.com/kms/latest/developerguide/key-types.html) in the *AWS Key Management Service Developer Guide* .
+     * Specifies the Amazon Resource Name (ARN) of the customer managed AWS  key to use for encrypting the S3 Storage Lens metrics export file. Amazon S3 only supports symmetric encryption keys. For more information, see [Special-purpose keys](https://docs.aws.amazon.com/kms/latest/developerguide/key-types.html) in the *AWS Key Management Service Developer Guide* .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-ssekms.html#cfn-s3-storagelens-ssekms-keyid}
      */
     KeyId: string;

package/out/exports/resources.generated/aws-s3objectlambda-accesspoint.d.ts

@@ -18,8 +18,6 @@ export type S3ObjectLambdaAccessPointProps = {
      */
     Name?: string | undefined;
     /**
-     * > Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) .
-     *
      * A configuration used when creating an Object Lambda Access Point.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3objectlambda-accesspoint.html#cfn-s3objectlambda-accesspoint-objectlambdaconfiguration}
      */
@@ -74,8 +72,6 @@ export type AwsLambda = {
     FunctionPayload?: string | undefined;
 };
 /**
- * > Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) .
- *
  * A configuration used when creating an Object Lambda Access Point.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3objectlambda-accesspoint-objectlambdaconfiguration.html}
  */
@@ -104,8 +100,6 @@ export type ObjectLambdaConfiguration = {
     TransformationConfigurations: TransformationConfiguration[];
 };
 /**
- * > Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) .
- *
  * A configuration used when creating an Object Lambda Access Point transformation.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3objectlambda-accesspoint-transformationconfiguration.html}
  */