aws-cdk-lib 2.100.0__py3-none-any.whl → 2.101.1__py3-none-any.whl

aws_cdk/aws_events/__init__.py

@@ -3325,11 +3325,14 @@ class CfnEventBus(
         # The values are placeholders you should change.
         from aws_cdk import aws_events as events
         
+        # policy: Any
+        
         cfn_event_bus = events.CfnEventBus(self, "MyCfnEventBus",
             name="name",
         
             # the properties below are optional
             event_source_name="eventSourceName",
+            policy=policy,
             tags=[events.CfnEventBus.TagEntryProperty(
                 key="key",
                 value="value"
@@ -3344,6 +3347,7 @@ class CfnEventBus(
         *,
         name: builtins.str,
         event_source_name: typing.Optional[builtins.str] = None,
+        policy: typing.Any = None,
         tags: typing.Optional[typing.Sequence[typing.Union["CfnEventBus.TagEntryProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''
@@ -3351,6 +3355,7 @@ class CfnEventBus(
         :param id: Construct identifier for this resource (unique in its scope).
         :param name: The name of the new event bus. Custom event bus names can't contain the ``/`` character, but you can use the ``/`` character in partner event bus names. In addition, for partner event buses, the name must exactly match the name of the partner event source that this event bus is matched to. You can't use the name ``default`` for a custom event bus, as this name is already used for your account's default event bus.
         :param event_source_name: If you are creating a partner event bus, this specifies the partner event source that the new event bus will be matched with.
+        :param policy: 
         :param tags: Tags to associate with the event bus.
         '''
         if __debug__:
@@ -3358,7 +3363,7 @@ class CfnEventBus(
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = CfnEventBusProps(
-            name=name, event_source_name=event_source_name, tags=tags
+            name=name, event_source_name=event_source_name, policy=policy, tags=tags
         )
 
         jsii.create(self.__class__, self, [scope, id, props])
@@ -3459,6 +3464,18 @@ class CfnEventBus(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "eventSourceName", value)
 
+    @builtins.property
+    @jsii.member(jsii_name="policy")
+    def policy(self) -> typing.Any:
+        return typing.cast(typing.Any, jsii.get(self, "policy"))
+
+    @policy.setter
+    def policy(self, value: typing.Any) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__6069dbf8a749c1a9a0cd15c07c6efbd2f70dbd4c7e3a6e98efd29bdb8c7acb24)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "policy", value)
+
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> typing.Optional[typing.List["CfnEventBus.TagEntryProperty"]]:
@@ -4025,6 +4042,7 @@ class CfnEventBusPolicyProps:
     name_mapping={
         "name": "name",
         "event_source_name": "eventSourceName",
+        "policy": "policy",
         "tags": "tags",
     },
 )
@@ -4034,12 +4052,14 @@ class CfnEventBusProps:
         *,
         name: builtins.str,
         event_source_name: typing.Optional[builtins.str] = None,
+        policy: typing.Any = None,
         tags: typing.Optional[typing.Sequence[typing.Union[CfnEventBus.TagEntryProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''Properties for defining a ``CfnEventBus``.
 
         :param name: The name of the new event bus. Custom event bus names can't contain the ``/`` character, but you can use the ``/`` character in partner event bus names. In addition, for partner event buses, the name must exactly match the name of the partner event source that this event bus is matched to. You can't use the name ``default`` for a custom event bus, as this name is already used for your account's default event bus.
         :param event_source_name: If you are creating a partner event bus, this specifies the partner event source that the new event bus will be matched with.
+        :param policy: 
         :param tags: Tags to associate with the event bus.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-eventbus.html
@@ -4051,11 +4071,14 @@ class CfnEventBusProps:
             # The values are placeholders you should change.
             from aws_cdk import aws_events as events
             
+            # policy: Any
+            
             cfn_event_bus_props = events.CfnEventBusProps(
                 name="name",
             
                 # the properties below are optional
                 event_source_name="eventSourceName",
+                policy=policy,
                 tags=[events.CfnEventBus.TagEntryProperty(
                     key="key",
                     value="value"
@@ -4066,12 +4089,15 @@ class CfnEventBusProps:
             type_hints = typing.get_type_hints(_typecheckingstub__79e3f734387b70ada8040490433e9e9ec9b92701ddfb55826c4adc11103c69a9)
             check_type(argname="argument name", value=name, expected_type=type_hints["name"])
             check_type(argname="argument event_source_name", value=event_source_name, expected_type=type_hints["event_source_name"])
+            check_type(argname="argument policy", value=policy, expected_type=type_hints["policy"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "name": name,
         }
         if event_source_name is not None:
             self._values["event_source_name"] = event_source_name
+        if policy is not None:
+            self._values["policy"] = policy
         if tags is not None:
             self._values["tags"] = tags
 
@@ -4098,6 +4124,14 @@ class CfnEventBusProps:
         result = self._values.get("event_source_name")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def policy(self) -> typing.Any:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-eventbus.html#cfn-events-eventbus-policy
+        '''
+        result = self._values.get("policy")
+        return typing.cast(typing.Any, result)
+
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[CfnEventBus.TagEntryProperty]]:
         '''Tags to associate with the event bus.
@@ -4255,6 +4289,7 @@ class CfnRule(
                     db_user="dbUser",
                     secret_manager_arn="secretManagerArn",
                     sql="sql",
+                    sqls=["sqls"],
                     statement_name="statementName",
                     with_event=False
                 ),
@@ -5808,6 +5843,7 @@ class CfnRule(
             "db_user": "dbUser",
             "secret_manager_arn": "secretManagerArn",
             "sql": "sql",
+            "sqls": "sqls",
             "statement_name": "statementName",
             "with_event": "withEvent",
         },
@@ -5820,6 +5856,7 @@ class CfnRule(
             db_user: typing.Optional[builtins.str] = None,
             secret_manager_arn: typing.Optional[builtins.str] = None,
             sql: typing.Optional[builtins.str] = None,
+            sqls: typing.Optional[typing.Sequence[builtins.str]] = None,
             statement_name: typing.Optional[builtins.str] = None,
             with_event: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         ) -> None:
@@ -5829,6 +5866,7 @@ class CfnRule(
             :param db_user: The database user name. Required when authenticating using temporary credentials.
             :param secret_manager_arn: The name or ARN of the secret that enables access to the database. Required when authenticating using AWS Secrets Manager.
             :param sql: The SQL statement text to run.
+            :param sqls: 
             :param statement_name: The name of the SQL statement. You can name the SQL statement when you create it to identify the query.
             :param with_event: Indicates whether to send an event back to EventBridge after the SQL statement runs.
 
@@ -5848,6 +5886,7 @@ class CfnRule(
                     db_user="dbUser",
                     secret_manager_arn="secretManagerArn",
                     sql="sql",
+                    sqls=["sqls"],
                     statement_name="statementName",
                     with_event=False
                 )
@@ -5858,6 +5897,7 @@ class CfnRule(
                 check_type(argname="argument db_user", value=db_user, expected_type=type_hints["db_user"])
                 check_type(argname="argument secret_manager_arn", value=secret_manager_arn, expected_type=type_hints["secret_manager_arn"])
                 check_type(argname="argument sql", value=sql, expected_type=type_hints["sql"])
+                check_type(argname="argument sqls", value=sqls, expected_type=type_hints["sqls"])
                 check_type(argname="argument statement_name", value=statement_name, expected_type=type_hints["statement_name"])
                 check_type(argname="argument with_event", value=with_event, expected_type=type_hints["with_event"])
             self._values: typing.Dict[builtins.str, typing.Any] = {
@@ -5869,6 +5909,8 @@ class CfnRule(
                 self._values["secret_manager_arn"] = secret_manager_arn
             if sql is not None:
                 self._values["sql"] = sql
+            if sqls is not None:
+                self._values["sqls"] = sqls
             if statement_name is not None:
                 self._values["statement_name"] = statement_name
             if with_event is not None:
@@ -5917,6 +5959,14 @@ class CfnRule(
             result = self._values.get("sql")
             return typing.cast(typing.Optional[builtins.str], result)
 
+        @builtins.property
+        def sqls(self) -> typing.Optional[typing.List[builtins.str]]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-redshiftdataparameters.html#cfn-events-rule-redshiftdataparameters-sqls
+            '''
+            result = self._values.get("sqls")
+            return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
         @builtins.property
         def statement_name(self) -> typing.Optional[builtins.str]:
             '''The name of the SQL statement.
@@ -6339,83 +6389,6 @@ class CfnRule(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
-    @jsii.data_type(
-        jsii_type="aws-cdk-lib.aws_events.CfnRule.TagProperty",
-        jsii_struct_bases=[],
-        name_mapping={"key": "key", "value": "value"},
-    )
-    class TagProperty:
-        def __init__(
-            self,
-            *,
-            key: typing.Optional[builtins.str] = None,
-            value: typing.Optional[builtins.str] = None,
-        ) -> None:
-            '''A key-value pair associated with an ECS Target of an EventBridge rule.
-
-            The tag will be propagated to ECS by EventBridge when starting an ECS task based on a matched event.
-            .. epigraph::
-
-               Currently, tags are only available when using ECS with EventBridge .
-
-            :param key: A string you can use to assign a value. The combination of tag keys and values can help you organize and categorize your resources.
-            :param value: The value for the specified tag key.
-
-            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-tag.html
-            :exampleMetadata: fixture=_generated
-
-            Example::
-
-                # The code below shows an example of how to instantiate this type.
-                # The values are placeholders you should change.
-                from aws_cdk import aws_events as events
-                
-                tag_property = events.CfnRule.TagProperty(
-                    key="key",
-                    value="value"
-                )
-            '''
-            if __debug__:
-                type_hints = typing.get_type_hints(_typecheckingstub__631f1d2d2d85524250006a517cca6b338bebc43b645c2702b2ce2831b61f317a)
-                check_type(argname="argument key", value=key, expected_type=type_hints["key"])
-                check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-            self._values: typing.Dict[builtins.str, typing.Any] = {}
-            if key is not None:
-                self._values["key"] = key
-            if value is not None:
-                self._values["value"] = value
-
-        @builtins.property
-        def key(self) -> typing.Optional[builtins.str]:
-            '''A string you can use to assign a value.
-
-            The combination of tag keys and values can help you organize and categorize your resources.
-
-            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-tag.html#cfn-events-rule-tag-key
-            '''
-            result = self._values.get("key")
-            return typing.cast(typing.Optional[builtins.str], result)
-
-        @builtins.property
-        def value(self) -> typing.Optional[builtins.str]:
-            '''The value for the specified tag key.
-
-            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-tag.html#cfn-events-rule-tag-value
-            '''
-            result = self._values.get("value")
-            return typing.cast(typing.Optional[builtins.str], result)
-
-        def __eq__(self, rhs: typing.Any) -> builtins.bool:
-            return isinstance(rhs, self.__class__) and rhs._values == self._values
-
-        def __ne__(self, rhs: typing.Any) -> builtins.bool:
-            return not (rhs == self)
-
-        def __repr__(self) -> str:
-            return "TagProperty(%s)" % ", ".join(
-                k + "=" + repr(v) for k, v in self._values.items()
-            )
-
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_events.CfnRule.TargetProperty",
         jsii_struct_bases=[],
@@ -6581,6 +6554,7 @@ class CfnRule(
                         db_user="dbUser",
                         secret_manager_arn="secretManagerArn",
                         sql="sql",
+                        sqls=["sqls"],
                         statement_name="statementName",
                         with_event=False
                     ),
@@ -7008,6 +6982,7 @@ class CfnRuleProps:
                         db_user="dbUser",
                         secret_manager_arn="secretManagerArn",
                         sql="sql",
+                        sqls=["sqls"],
                         statement_name="statementName",
                         with_event=False
                     ),
@@ -11643,6 +11618,7 @@ def _typecheckingstub__5766595a149723459145d9f55c6afa7ed3017d49f4af7cec85e0fffe2
     *,
     name: builtins.str,
     event_source_name: typing.Optional[builtins.str] = None,
+    policy: typing.Any = None,
     tags: typing.Optional[typing.Sequence[typing.Union[CfnEventBus.TagEntryProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -11672,6 +11648,12 @@ def _typecheckingstub__1c09871ed225f5073f64a2472bb4ad2653f751351d1d800cc2db527a4
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__6069dbf8a749c1a9a0cd15c07c6efbd2f70dbd4c7e3a6e98efd29bdb8c7acb24(
+    value: typing.Any,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__7839bb5f17e47516f1a7287848eb4905b08ca899cd21b2544645df1f4bedb748(
     value: typing.Optional[typing.List[CfnEventBus.TagEntryProperty]],
 ) -> None:
@@ -11773,6 +11755,7 @@ def _typecheckingstub__79e3f734387b70ada8040490433e9e9ec9b92701ddfb55826c4adc111
     *,
     name: builtins.str,
     event_source_name: typing.Optional[builtins.str] = None,
+    policy: typing.Any = None,
     tags: typing.Optional[typing.Sequence[typing.Union[CfnEventBus.TagEntryProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -11976,6 +11959,7 @@ def _typecheckingstub__183646a052d824f887b6e170455aff3fbf5557ac2188f001395f11ea4
     db_user: typing.Optional[builtins.str] = None,
     secret_manager_arn: typing.Optional[builtins.str] = None,
     sql: typing.Optional[builtins.str] = None,
+    sqls: typing.Optional[typing.Sequence[builtins.str]] = None,
     statement_name: typing.Optional[builtins.str] = None,
     with_event: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
 ) -> None:
@@ -12027,14 +12011,6 @@ def _typecheckingstub__0c3b4b126e08cc64ec28ca363e425756d47fd556f940c55bffd86e3ad
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__631f1d2d2d85524250006a517cca6b338bebc43b645c2702b2ce2831b61f317a(
-    *,
-    key: typing.Optional[builtins.str] = None,
-    value: typing.Optional[builtins.str] = None,
-) -> None:
-    """Type checking stubs"""
-    pass
-
 def _typecheckingstub__0bb173839da3c22730cab96567bb586361722029ca0fab74f2c0ebd9eea2ed31(
     *,
     arn: builtins.str,

aws_cdk/aws_fms/__init__.py

@@ -345,7 +345,7 @@ class CfnPolicy(
         :param exclude_map: Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. You can specify inclusions or exclusions, but not both. If you specify an ``IncludeMap`` , AWS Firewall Manager applies the policy to all accounts specified by the ``IncludeMap`` , and does not evaluate any ``ExcludeMap`` specifications. If you do not specify an ``IncludeMap`` , then Firewall Manager applies the policy to all accounts except for those specified by the ``ExcludeMap`` . You can specify account IDs, OUs, or a combination: - Specify account IDs by setting the key to ``ACCOUNT`` . For example, the following is a valid map: ``{“ACCOUNT” : [“accountID1”, “accountID2”]}`` . - Specify OUs by setting the key to ``ORGUNIT`` . For example, the following is a valid map: ``{“ORGUNIT” : [“ouid111”, “ouid112”]}`` . - Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: ``{“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}`` .
         :param include_map: Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. You can specify inclusions or exclusions, but not both. If you specify an ``IncludeMap`` , AWS Firewall Manager applies the policy to all accounts specified by the ``IncludeMap`` , and does not evaluate any ``ExcludeMap`` specifications. If you do not specify an ``IncludeMap`` , then Firewall Manager applies the policy to all accounts except for those specified by the ``ExcludeMap`` . You can specify account IDs, OUs, or a combination: - Specify account IDs by setting the key to ``ACCOUNT`` . For example, the following is a valid map: ``{“ACCOUNT” : [“accountID1”, “accountID2”]}`` . - Specify OUs by setting the key to ``ORGUNIT`` . For example, the following is a valid map: ``{“ORGUNIT” : [“ouid111”, “ouid112”]}`` . - Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: ``{“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}`` .
         :param policy_description: The definition of the AWS Network Firewall firewall policy.
-        :param resources_clean_up: Indicates whether AWS Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope. By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources. This option is not available for AWS WAF Classic policies.
+        :param resources_clean_up: Indicates whether AWS Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope. By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources. This option is not available for Shield Advanced or AWS WAF Classic policies.
         :param resource_set_ids: The unique identifiers of the resource sets used by the policy.
         :param resource_tags: An array of ``ResourceTag`` objects, used to explicitly include resources in the policy scope or explicitly exclude them. If this isn't set, then tags aren't used to modify policy scope. See also ``ExcludeResourceTags`` .
         :param resource_type: The type of resource protected by or in scope of the policy. This is in the format shown in the `AWS Resource Types Reference <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html>`_ . To apply this policy to multiple resource types, specify a resource type of ``ResourceTypeList`` and then specify the resource types in a ``ResourceTypeList`` . For AWS WAF and Shield Advanced, example resource types include ``AWS::ElasticLoadBalancingV2::LoadBalancer`` and ``AWS::CloudFront::Distribution`` . For a security group common policy, valid values are ``AWS::EC2::NetworkInterface`` and ``AWS::EC2::Instance`` . For a security group content audit policy, valid values are ``AWS::EC2::SecurityGroup`` , ``AWS::EC2::NetworkInterface`` , and ``AWS::EC2::Instance`` . For a security group usage audit policy, the value is ``AWS::EC2::SecurityGroup`` . For an AWS Network Firewall policy or DNS Firewall policy, the value is ``AWS::EC2::VPC`` .
@@ -1324,7 +1324,7 @@ class CfnPolicyProps:
         :param exclude_map: Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. You can specify inclusions or exclusions, but not both. If you specify an ``IncludeMap`` , AWS Firewall Manager applies the policy to all accounts specified by the ``IncludeMap`` , and does not evaluate any ``ExcludeMap`` specifications. If you do not specify an ``IncludeMap`` , then Firewall Manager applies the policy to all accounts except for those specified by the ``ExcludeMap`` . You can specify account IDs, OUs, or a combination: - Specify account IDs by setting the key to ``ACCOUNT`` . For example, the following is a valid map: ``{“ACCOUNT” : [“accountID1”, “accountID2”]}`` . - Specify OUs by setting the key to ``ORGUNIT`` . For example, the following is a valid map: ``{“ORGUNIT” : [“ouid111”, “ouid112”]}`` . - Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: ``{“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}`` .
         :param include_map: Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. You can specify inclusions or exclusions, but not both. If you specify an ``IncludeMap`` , AWS Firewall Manager applies the policy to all accounts specified by the ``IncludeMap`` , and does not evaluate any ``ExcludeMap`` specifications. If you do not specify an ``IncludeMap`` , then Firewall Manager applies the policy to all accounts except for those specified by the ``ExcludeMap`` . You can specify account IDs, OUs, or a combination: - Specify account IDs by setting the key to ``ACCOUNT`` . For example, the following is a valid map: ``{“ACCOUNT” : [“accountID1”, “accountID2”]}`` . - Specify OUs by setting the key to ``ORGUNIT`` . For example, the following is a valid map: ``{“ORGUNIT” : [“ouid111”, “ouid112”]}`` . - Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: ``{“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}`` .
         :param policy_description: The definition of the AWS Network Firewall firewall policy.
-        :param resources_clean_up: Indicates whether AWS Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope. By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources. This option is not available for AWS WAF Classic policies.
+        :param resources_clean_up: Indicates whether AWS Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope. By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources. This option is not available for Shield Advanced or AWS WAF Classic policies.
         :param resource_set_ids: The unique identifiers of the resource sets used by the policy.
         :param resource_tags: An array of ``ResourceTag`` objects, used to explicitly include resources in the policy scope or explicitly exclude them. If this isn't set, then tags aren't used to modify policy scope. See also ``ExcludeResourceTags`` .
         :param resource_type: The type of resource protected by or in scope of the policy. This is in the format shown in the `AWS Resource Types Reference <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html>`_ . To apply this policy to multiple resource types, specify a resource type of ``ResourceTypeList`` and then specify the resource types in a ``ResourceTypeList`` . For AWS WAF and Shield Advanced, example resource types include ``AWS::ElasticLoadBalancingV2::LoadBalancer`` and ``AWS::CloudFront::Distribution`` . For a security group common policy, valid values are ``AWS::EC2::NetworkInterface`` and ``AWS::EC2::Instance`` . For a security group content audit policy, valid values are ``AWS::EC2::SecurityGroup`` , ``AWS::EC2::NetworkInterface`` , and ``AWS::EC2::Instance`` . For a security group usage audit policy, the value is ``AWS::EC2::SecurityGroup`` . For an AWS Network Firewall policy or DNS Firewall policy, the value is ``AWS::EC2::VPC`` .
@@ -1662,7 +1662,7 @@ class CfnPolicyProps:
 
         By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
 
-        This option is not available for AWS WAF Classic policies.
+        This option is not available for Shield Advanced or AWS WAF Classic policies.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-resourcescleanup
         '''

aws_cdk/aws_grafana/__init__.py

@@ -143,7 +143,7 @@ class CfnWorkspace(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param account_access_type: Specifies whether the workspace can access AWS resources in this AWS account only, or whether it can also access AWS resources in other accounts in the same organization. If this is ``ORGANIZATION`` , the ``OrganizationalUnits`` parameter specifies which organizational units the workspace can access.
-        :param authentication_providers: Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center (successor to AWS Single Sign-On) , or both to authenticate users for using the Grafana console within a workspace. For more information, see `User authentication in Amazon Managed Grafana <https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html>`_ .
+        :param authentication_providers: Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center , or both to authenticate users for using the Grafana console within a workspace. For more information, see `User authentication in Amazon Managed Grafana <https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html>`_ .
         :param permission_type: If this is ``SERVICE_MANAGED`` , and the workplace was created through the Amazon Managed Grafana console, then Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use AWS data sources and notification channels. If this is ``CUSTOMER_MANAGED`` , you must manage those roles and permissions yourself. If you are working with a workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other AWS accounts in the organization, this parameter must be set to ``CUSTOMER_MANAGED`` . For more information about converting between customer and service managed, see `Managing permissions for data sources and notification channels <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-datasource-and-notification.html>`_ . For more information about the roles and permissions that must be managed for customer managed workspaces, see `Amazon Managed Grafana permissions and policies for AWS data sources and notification channels <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html>`_
         :param client_token: A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.
         :param data_sources: Specifies the AWS data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources. This list is only used when the workspace was created through the AWS console, and the ``permissionType`` is ``SERVICE_MANAGED`` .
@@ -327,7 +327,7 @@ class CfnWorkspace(
     @builtins.property
     @jsii.member(jsii_name="authenticationProviders")
     def authentication_providers(self) -> typing.List[builtins.str]:
-        '''Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center (successor to AWS Single Sign-On) , or both to authenticate users for using the Grafana console within a workspace. For more information, see `User authentication in Amazon Managed Grafana <https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html>`_ .'''
+        '''Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center , or both to authenticate users for using the Grafana console within a workspace. For more information, see `User authentication in Amazon Managed Grafana <https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html>`_ .'''
         return typing.cast(typing.List[builtins.str], jsii.get(self, "authenticationProviders"))
 
     @authentication_providers.setter
@@ -1201,7 +1201,7 @@ class CfnWorkspaceProps:
         '''Properties for defining a ``CfnWorkspace``.
 
         :param account_access_type: Specifies whether the workspace can access AWS resources in this AWS account only, or whether it can also access AWS resources in other accounts in the same organization. If this is ``ORGANIZATION`` , the ``OrganizationalUnits`` parameter specifies which organizational units the workspace can access.
-        :param authentication_providers: Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center (successor to AWS Single Sign-On) , or both to authenticate users for using the Grafana console within a workspace. For more information, see `User authentication in Amazon Managed Grafana <https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html>`_ .
+        :param authentication_providers: Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center , or both to authenticate users for using the Grafana console within a workspace. For more information, see `User authentication in Amazon Managed Grafana <https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html>`_ .
         :param permission_type: If this is ``SERVICE_MANAGED`` , and the workplace was created through the Amazon Managed Grafana console, then Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use AWS data sources and notification channels. If this is ``CUSTOMER_MANAGED`` , you must manage those roles and permissions yourself. If you are working with a workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other AWS accounts in the organization, this parameter must be set to ``CUSTOMER_MANAGED`` . For more information about converting between customer and service managed, see `Managing permissions for data sources and notification channels <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-datasource-and-notification.html>`_ . For more information about the roles and permissions that must be managed for customer managed workspaces, see `Amazon Managed Grafana permissions and policies for AWS data sources and notification channels <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html>`_
         :param client_token: A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.
         :param data_sources: Specifies the AWS data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources. This list is only used when the workspace was created through the AWS console, and the ``permissionType`` is ``SERVICE_MANAGED`` .
@@ -1338,7 +1338,7 @@ class CfnWorkspaceProps:
 
     @builtins.property
     def authentication_providers(self) -> typing.List[builtins.str]:
-        '''Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center (successor to AWS Single Sign-On) , or both to authenticate users for using the Grafana console within a workspace. For more information, see `User authentication in Amazon Managed Grafana <https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html>`_ .
+        '''Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center , or both to authenticate users for using the Grafana console within a workspace. For more information, see `User authentication in Amazon Managed Grafana <https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-authenticationproviders
         '''

aws_cdk/aws_greengrassv2/__init__.py

@@ -72,14 +72,7 @@ class CfnComponentVersion(
 
     Create a component from an AWS Lambda function that runs on AWS IoT Greengrass . This creates a recipe and artifacts from the Lambda function's deployment package. You can use this operation to migrate Lambda functions from AWS IoT Greengrass V1 to AWS IoT Greengrass V2 .
 
-    This function only accepts Lambda functions that use the following runtimes:
-
-    - Python 2.7 – ``python2.7``
-    - Python 3.7 – ``python3.7``
-    - Python 3.8 – ``python3.8``
-    - Java 8 – ``java8``
-    - Node.js 10 – ``nodejs10.x``
-    - Node.js 12 – ``nodejs12.x``
+    This function accepts Lambda functions in all supported versions of Python, Node.js, and Java runtimes. AWS IoT Greengrass doesn't apply any additional restrictions on deprecated Lambda runtime versions.
 
     To create a component from a Lambda function, specify ``lambdaFunction`` when you call this operation.