aws-cdk-lib 2.115.0__py3-none-any.whl → 2.116.1__py3-none-any.whl

aws_cdk/aws_lambda_nodejs/__init__.py

@@ -1507,7 +1507,7 @@ class NodejsFunction(
         :param project_root: The path to the directory containing project config files (``package.json`` or ``tsconfig.json``). Default: - the directory containing the ``depsLockFilePath``
         :param runtime: The runtime environment. Only runtimes of the Node.js family are supported. Default: ``Runtime.NODEJS_LATEST`` if the ``@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion`` feature flag is enabled, otherwise ``Runtime.NODEJS_16_X``
         :param adot_instrumentation: Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation. Default: - No ADOT instrumentation
-        :param allow_all_outbound: Whether to allow the Lambda to send all network traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets. Default: true
+        :param allow_all_outbound: Whether to allow the Lambda to send all network traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets. Do not specify this property if the ``securityGroups`` or ``securityGroup`` property is set. Instead, configure ``allowAllOutbound`` directly on the security group. Default: true
         :param allow_public_subnet: Lambda Functions in a public subnet can NOT access the internet. Use this property to acknowledge this limitation and still place the function in a public subnet. Default: false
         :param application_log_level: Sets the application log level for the function. Default: INFO
         :param architecture: The system architectures compatible with this lambda function. Default: Architecture.X86_64
@@ -1728,7 +1728,7 @@ class NodejsFunctionProps(_FunctionOptions_328f4d39):
         :param on_success: The destination for successful invocations. Default: - no destination
         :param retry_attempts: The maximum number of times to retry when the function returns an error. Minimum: 0 Maximum: 2 Default: 2
         :param adot_instrumentation: Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation. Default: - No ADOT instrumentation
-        :param allow_all_outbound: Whether to allow the Lambda to send all network traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets. Default: true
+        :param allow_all_outbound: Whether to allow the Lambda to send all network traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets. Do not specify this property if the ``securityGroups`` or ``securityGroup`` property is set. Instead, configure ``allowAllOutbound`` directly on the security group. Default: true
         :param allow_public_subnet: Lambda Functions in a public subnet can NOT access the internet. Use this property to acknowledge this limitation and still place the function in a public subnet. Default: false
         :param application_log_level: Sets the application log level for the function. Default: INFO
         :param architecture: The system architectures compatible with this lambda function. Default: Architecture.X86_64
@@ -2014,6 +2014,9 @@ class NodejsFunctionProps(_FunctionOptions_328f4d39):
         If set to false, you must individually add traffic rules to allow the
         Lambda to connect to network targets.
 
+        Do not specify this property if the ``securityGroups`` or ``securityGroup`` property is set.
+        Instead, configure ``allowAllOutbound`` directly on the security group.
+
         :default: true
         '''
         result = self._values.get("allow_all_outbound")

aws_cdk/aws_logs/__init__.py

@@ -921,7 +921,7 @@ class CfnDeliveryDestination(
 
     - Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see `PutDeliverySource <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html>`_ .
     - Create a *delivery destination* , which is a logical object that represents the actual delivery destination.
-    - If you are delivering logs cross-account, you must use `PutDeliveryDestinationPolicy <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationolicy.html>`_ in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.
+    - If you are delivering logs cross-account, you must use `PutDeliveryDestinationPolicy <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html>`_ in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.
     - Create a *delivery* by pairing exactly one delivery source and one delivery destination. For more information, see `CreateDelivery <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html>`_ .
 
     You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.
@@ -1316,7 +1316,7 @@ class CfnDeliverySource(
 
     - Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see `PutDeliverySource <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html>`_ .
     - Create a *delivery destination* , which is a logical object that represents the actual delivery destination. For more information, see `PutDeliveryDestination <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html>`_ .
-    - If you are delivering logs cross-account, you must use `PutDeliveryDestinationPolicy <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationolicy.html>`_ in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.
+    - If you are delivering logs cross-account, you must use `PutDeliveryDestinationPolicy <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html>`_ in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.
     - Create a *delivery* by pairing exactly one delivery source and one delivery destination. For more information, see `CreateDelivery <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html>`_ .
 
     You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.
@@ -1359,7 +1359,7 @@ class CfnDeliverySource(
         :param id: Construct identifier for this resource (unique in its scope).
         :param name: The unique name of the delivery source.
         :param log_type: The type of log that the source is sending. For valid values for this parameter, see the documentation for the source service.
-        :param resource_arn: The ARN of the resource that will be sending the logs.
+        :param resource_arn: The Amazon Resource Name (ARN) that uniquely identifies this delivery source.
         :param tags: The tags that have been assigned to this delivery source.
         '''
         if __debug__:
@@ -1465,7 +1465,7 @@ class CfnDeliverySource(
     @builtins.property
     @jsii.member(jsii_name="resourceArn")
     def resource_arn(self) -> typing.Optional[builtins.str]:
-        '''The ARN of the resource that will be sending the logs.'''
+        '''The Amazon Resource Name (ARN) that uniquely identifies this delivery source.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "resourceArn"))
 
     @resource_arn.setter
@@ -1512,7 +1512,7 @@ class CfnDeliverySourceProps:
 
         :param name: The unique name of the delivery source.
         :param log_type: The type of log that the source is sending. For valid values for this parameter, see the documentation for the source service.
-        :param resource_arn: The ARN of the resource that will be sending the logs.
+        :param resource_arn: The Amazon Resource Name (ARN) that uniquely identifies this delivery source.
         :param tags: The tags that have been assigned to this delivery source.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-deliverysource.html
@@ -1575,7 +1575,7 @@ class CfnDeliverySourceProps:
 
     @builtins.property
     def resource_arn(self) -> typing.Optional[builtins.str]:
-        '''The ARN of the resource that will be sending the logs.
+        '''The Amazon Resource Name (ARN) that uniquely identifies this delivery source.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-deliverysource.html#cfn-logs-deliverysource-resourcearn
         '''

aws_cdk/aws_opensearchservice/__init__.py

@@ -975,7 +975,7 @@ class CfnDomain(
         :param ebs_options: The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see `EBS volume size limits <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource>`_ in the *Amazon OpenSearch Service Developer Guide* .
         :param encryption_at_rest_options: Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See `Encryption of data at rest for Amazon OpenSearch Service <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html>`_ .
         :param engine_version: The version of OpenSearch to use. The value must be in the format ``OpenSearch_X.Y`` or ``Elasticsearch_X.Y`` . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see `Supported versions of OpenSearch and Elasticsearch <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html#choosing-version>`_ in the *Amazon OpenSearch Service Developer Guide* . If you set the `EnableVersionUpgrade <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain>`_ update policy to ``true`` , you can update ``EngineVersion`` without interruption. When ``EnableVersionUpgrade`` is set to ``false`` , or is not specified, updating ``EngineVersion`` results in `replacement <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement>`_ .
-        :param ip_address_type: 
+        :param ip_address_type: The type of IP addresses supported by the endpoint for the domain.
         :param log_publishing_options: An object with one or more of the following keys: ``SEARCH_SLOW_LOGS`` , ``ES_APPLICATION_LOGS`` , ``INDEX_SLOW_LOGS`` , ``AUDIT_LOGS`` , depending on the types of logs you want to publish. Each key needs a valid ``LogPublishingOption`` value. For the full syntax, see the `examples <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples>`_ .
         :param node_to_node_encryption_options: Specifies whether node-to-node encryption is enabled. See `Node-to-node encryption for Amazon OpenSearch Service <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ntn.html>`_ .
         :param off_peak_window_options: Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
@@ -1363,6 +1363,7 @@ class CfnDomain(
     @builtins.property
     @jsii.member(jsii_name="ipAddressType")
     def ip_address_type(self) -> typing.Optional[builtins.str]:
+        '''The type of IP addresses supported by the endpoint for the domain.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "ipAddressType"))
 
     @ip_address_type.setter
@@ -3561,7 +3562,7 @@ class CfnDomainProps:
         :param ebs_options: The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see `EBS volume size limits <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource>`_ in the *Amazon OpenSearch Service Developer Guide* .
         :param encryption_at_rest_options: Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See `Encryption of data at rest for Amazon OpenSearch Service <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html>`_ .
         :param engine_version: The version of OpenSearch to use. The value must be in the format ``OpenSearch_X.Y`` or ``Elasticsearch_X.Y`` . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see `Supported versions of OpenSearch and Elasticsearch <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html#choosing-version>`_ in the *Amazon OpenSearch Service Developer Guide* . If you set the `EnableVersionUpgrade <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain>`_ update policy to ``true`` , you can update ``EngineVersion`` without interruption. When ``EnableVersionUpgrade`` is set to ``false`` , or is not specified, updating ``EngineVersion`` results in `replacement <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement>`_ .
-        :param ip_address_type: 
+        :param ip_address_type: The type of IP addresses supported by the endpoint for the domain.
         :param log_publishing_options: An object with one or more of the following keys: ``SEARCH_SLOW_LOGS`` , ``ES_APPLICATION_LOGS`` , ``INDEX_SLOW_LOGS`` , ``AUDIT_LOGS`` , depending on the types of logs you want to publish. Each key needs a valid ``LogPublishingOption`` value. For the full syntax, see the `examples <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples>`_ .
         :param node_to_node_encryption_options: Specifies whether node-to-node encryption is enabled. See `Node-to-node encryption for Amazon OpenSearch Service <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ntn.html>`_ .
         :param off_peak_window_options: Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
@@ -3882,7 +3883,8 @@ class CfnDomainProps:
 
     @builtins.property
     def ip_address_type(self) -> typing.Optional[builtins.str]:
-        '''
+        '''The type of IP addresses supported by the endpoint for the domain.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-ipaddresstype
         '''
         result = self._values.get("ip_address_type")

aws_cdk/aws_organizations/__init__.py

@@ -1030,7 +1030,7 @@ class CfnPolicy(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param content: The policy text content. You can specify the policy content as a JSON object or a JSON string. .. epigraph:: When you specify the policy content as a JSON string, you can't perform drift detection on the CloudFormation stack. For this reason, we recommend specifying the policy content as a JSON object instead. The text that you supply must adhere to the rules of the policy type you specify in the ``Type`` parameter. The following AWS Organizations quotas are enforced for the maximum size of a policy document: - Service control policies: 5,120 bytes *(not characters)* - AI services opt-out policies: 2,500 characters - Backup policies: 10,000 characters - Tag policies: 10,000 characters For more information about Organizations service quotas, see `Quotas for AWS Organizations <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html>`_ in the *AWS Organizations User Guide* .
+        :param content: The policy text content. You can specify the policy content as a JSON object or a JSON string. .. epigraph:: When you specify the policy content as a JSON string, you can't perform drift detection on the CloudFormation stack. For this reason, we recommend specifying the policy content as a JSON object instead. The text that you supply must adhere to the rules of the policy type you specify in the ``Type`` parameter. The following AWS Organizations quotas are enforced for the maximum size of a policy document: - Service control policies: 5,120 characters - AI services opt-out policies: 2,500 characters - Backup policies: 10,000 characters - Tag policies: 10,000 characters For more information about Organizations service quotas, see `Quotas for AWS Organizations <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html>`_ in the *AWS Organizations User Guide* .
         :param name: Name of the policy. The `regex pattern <https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex>`_ that is used to validate this parameter is a string of any of the characters in the ASCII character range.
         :param type: The type of policy to create.
         :param description: Human readable description of the policy.
@@ -1233,7 +1233,7 @@ class CfnPolicyProps:
     ) -> None:
         '''Properties for defining a ``CfnPolicy``.
 
-        :param content: The policy text content. You can specify the policy content as a JSON object or a JSON string. .. epigraph:: When you specify the policy content as a JSON string, you can't perform drift detection on the CloudFormation stack. For this reason, we recommend specifying the policy content as a JSON object instead. The text that you supply must adhere to the rules of the policy type you specify in the ``Type`` parameter. The following AWS Organizations quotas are enforced for the maximum size of a policy document: - Service control policies: 5,120 bytes *(not characters)* - AI services opt-out policies: 2,500 characters - Backup policies: 10,000 characters - Tag policies: 10,000 characters For more information about Organizations service quotas, see `Quotas for AWS Organizations <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html>`_ in the *AWS Organizations User Guide* .
+        :param content: The policy text content. You can specify the policy content as a JSON object or a JSON string. .. epigraph:: When you specify the policy content as a JSON string, you can't perform drift detection on the CloudFormation stack. For this reason, we recommend specifying the policy content as a JSON object instead. The text that you supply must adhere to the rules of the policy type you specify in the ``Type`` parameter. The following AWS Organizations quotas are enforced for the maximum size of a policy document: - Service control policies: 5,120 characters - AI services opt-out policies: 2,500 characters - Backup policies: 10,000 characters - Tag policies: 10,000 characters For more information about Organizations service quotas, see `Quotas for AWS Organizations <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html>`_ in the *AWS Organizations User Guide* .
         :param name: Name of the policy. The `regex pattern <https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex>`_ that is used to validate this parameter is a string of any of the characters in the ASCII character range.
         :param type: The type of policy to create.
         :param description: Human readable description of the policy.
@@ -1295,7 +1295,7 @@ class CfnPolicyProps:
 
         The text that you supply must adhere to the rules of the policy type you specify in the ``Type`` parameter. The following AWS Organizations quotas are enforced for the maximum size of a policy document:
 
-        - Service control policies: 5,120 bytes *(not characters)*
+        - Service control policies: 5,120 characters
         - AI services opt-out policies: 2,500 characters
         - Backup policies: 10,000 characters
         - Tag policies: 10,000 characters

aws_cdk/aws_osis/__init__.py

@@ -133,8 +133,8 @@ class CfnPipeline(
         :param min_units: The minimum pipeline capacity, in Ingestion Compute Units (ICUs).
         :param pipeline_configuration_body: The Data Prepper pipeline configuration in YAML format.
         :param pipeline_name: The name of the pipeline.
-        :param buffer_options: Key-value pairs to configure buffering.
-        :param encryption_at_rest_options: Key-value pairs to configure encryption at rest.
+        :param buffer_options: Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions.
+        :param encryption_at_rest_options: Options to control how OpenSearch encrypts all data-at-rest.
         :param log_publishing_options: Key-value pairs that represent log publishing settings.
         :param tags: List of tags to add to the pipeline upon creation.
         :param vpc_options: Options that specify the subnets and security groups for an OpenSearch Ingestion VPC endpoint.
@@ -284,7 +284,7 @@ class CfnPipeline(
     def buffer_options(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnPipeline.BufferOptionsProperty"]]:
-        '''Key-value pairs to configure buffering.'''
+        '''Options that specify the configuration of a persistent buffer.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnPipeline.BufferOptionsProperty"]], jsii.get(self, "bufferOptions"))
 
     @buffer_options.setter
@@ -302,7 +302,7 @@ class CfnPipeline(
     def encryption_at_rest_options(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnPipeline.EncryptionAtRestOptionsProperty"]]:
-        '''Key-value pairs to configure encryption at rest.'''
+        '''Options to control how OpenSearch encrypts all data-at-rest.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnPipeline.EncryptionAtRestOptionsProperty"]], jsii.get(self, "encryptionAtRestOptions"))
 
     @encryption_at_rest_options.setter
@@ -375,7 +375,9 @@ class CfnPipeline(
             *,
             persistent_buffer_enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
         ) -> None:
-            '''Key-value pairs to configure buffering.
+            '''Options that specify the configuration of a persistent buffer.
+
+            To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions.
 
             :param persistent_buffer_enabled: Whether persistent buffering should be enabled.
 
@@ -483,9 +485,9 @@ class CfnPipeline(
     )
     class EncryptionAtRestOptionsProperty:
         def __init__(self, *, kms_key_arn: builtins.str) -> None:
-            '''Key-value pairs to configure encryption at rest.
+            '''Options to control how OpenSearch encrypts all data-at-rest.
 
-            :param kms_key_arn: The KMS key to use for encrypting data. By default an AWS owned key is used
+            :param kms_key_arn: The ARN of the KMS key used to encrypt data-at-rest in OpenSearch Ingestion. By default, data is encrypted using an AWS owned key.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-osis-pipeline-encryptionatrestoptions.html
             :exampleMetadata: fixture=_generated
@@ -509,9 +511,9 @@ class CfnPipeline(
 
         @builtins.property
         def kms_key_arn(self) -> builtins.str:
-            '''The KMS key to use for encrypting data.
+            '''The ARN of the KMS key used to encrypt data-at-rest in OpenSearch Ingestion.
 
-            By default an AWS owned key is used
+            By default, data is encrypted using an AWS owned key.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-osis-pipeline-encryptionatrestoptions.html#cfn-osis-pipeline-encryptionatrestoptions-kmskeyarn
             '''
@@ -823,8 +825,8 @@ class CfnPipelineProps:
         :param min_units: The minimum pipeline capacity, in Ingestion Compute Units (ICUs).
         :param pipeline_configuration_body: The Data Prepper pipeline configuration in YAML format.
         :param pipeline_name: The name of the pipeline.
-        :param buffer_options: Key-value pairs to configure buffering.
-        :param encryption_at_rest_options: Key-value pairs to configure encryption at rest.
+        :param buffer_options: Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions.
+        :param encryption_at_rest_options: Options to control how OpenSearch encrypts all data-at-rest.
         :param log_publishing_options: Key-value pairs that represent log publishing settings.
         :param tags: List of tags to add to the pipeline upon creation.
         :param vpc_options: Options that specify the subnets and security groups for an OpenSearch Ingestion VPC endpoint.
@@ -941,7 +943,9 @@ class CfnPipelineProps:
     def buffer_options(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnPipeline.BufferOptionsProperty]]:
-        '''Key-value pairs to configure buffering.
+        '''Options that specify the configuration of a persistent buffer.
+
+        To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-osis-pipeline.html#cfn-osis-pipeline-bufferoptions
         '''
@@ -952,7 +956,7 @@ class CfnPipelineProps:
     def encryption_at_rest_options(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnPipeline.EncryptionAtRestOptionsProperty]]:
-        '''Key-value pairs to configure encryption at rest.
+        '''Options to control how OpenSearch encrypts all data-at-rest.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-osis-pipeline.html#cfn-osis-pipeline-encryptionatrestoptions
         '''

aws_cdk/aws_rds/__init__.py

@@ -2312,6 +2312,12 @@ class AuroraMysqlEngineVersion(
         '''Version "8.0.mysql_aurora.3.05.0".'''
         return typing.cast("AuroraMysqlEngineVersion", jsii.sget(cls, "VER_3_05_0"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_3_05_1")
+    def VER_3_05_1(cls) -> "AuroraMysqlEngineVersion":
+        '''Version "8.0.mysql_aurora.3.05.1".'''
+        return typing.cast("AuroraMysqlEngineVersion", jsii.sget(cls, "VER_3_05_1"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_5_7_12")
     def VER_5_7_12(cls) -> "AuroraMysqlEngineVersion":

aws_cdk/aws_s3/__init__.py

@@ -5445,7 +5445,9 @@ class CfnBucket(
     )
     class FilterRuleProperty:
         def __init__(self, *, name: builtins.str, value: builtins.str) -> None:
-            '''Specifies the Amazon S3 object key name to filter on and whether to filter on the suffix or prefix of the key name.
+            '''Specifies the Amazon S3 object key name to filter on.
+
+            An object key name is the name assigned to an object in your Amazon S3 bucket. You can also specify whether to filter on the suffix or prefix of the object key name. A prefix is a specific string of characters at the beginning of an object key name, which you can use to organize objects. For example, you can start the key names of related objects with a prefix, such as ``2023-`` or ``engineering/`` . Then, you can use ``FilterRule`` to find objects in a bucket with key names that have the same prefix. A suffix is similar to a prefix, but it is at the end of the object key name instead of at the beginning.
 
             :param name: The object key name prefix or suffix identifying one or more objects to which the filtering rule applies. The maximum length is 1,024 characters. Overlapping prefixes and suffixes are not supported. For more information, see `Configuring Event Notifications <https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html>`_ in the *Amazon S3 User Guide* .
             :param value: The value that the filter searches for in object key names.
@@ -7595,7 +7597,7 @@ class CfnBucket(
         ) -> None:
             '''A container for replication rules.
 
-            You can add up to 1,000 rules. The maximum size of a replication configuration is 2 MB.
+            You can add up to 1,000 rules. The maximum size of a replication configuration is 2 MB. The latest version of the replication configuration XML is V2. For more information about XML V2 replication configurations, see `Replication configuration <https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-add-config.html>`_ in the *Amazon S3 User Guide* .
 
             :param role: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that Amazon S3 assumes when replicating objects. For more information, see `How to Set Up Replication <https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-how-setup.html>`_ in the *Amazon S3 User Guide* .
             :param rules: A container for one or more replication rules. A replication configuration must have at least one rule and can contain a maximum of 1,000 rules.

aws_cdk/aws_s3outposts/__init__.py

@@ -458,7 +458,7 @@ class CfnBucket(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param bucket_name: A name for the S3 on Outposts bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow `Amazon S3 bucket restrictions and limitations <https://docs.aws.amazon.com/AmazonS3/latest/userguide/BucketRestrictions.html>`_ . For more information, see `Bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/BucketRestrictions.html#bucketnamingrules>`_ . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
-        :param outpost_id: The id of the customer outpost on which the bucket resides.
+        :param outpost_id: The ID of the Outpost of the specified bucket.
         :param lifecycle_configuration: Creates a new lifecycle configuration for the S3 on Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads.
         :param tags: Sets the tags for an S3 on Outposts bucket. For more information, see `Using Amazon S3 on Outposts <https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html>`_ . Use tags to organize your AWS bill to reflect your own cost structure. To do this, sign up to get your AWS account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see `Cost allocation and tags <https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html>`_ . .. epigraph:: Within a bucket, if you add a tag that has the same key as an existing tag, the new value overwrites the old value. For more information, see `Using cost allocation and bucket tags <https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html>`_ . To use this resource, you must have permissions to perform the ``s3-outposts:PutBucketTagging`` . The S3 on Outposts bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see `Permissions Related to Bucket Subresource Operations <https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources>`_ and `Managing access permissions to your Amazon S3 resources <https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html>`_ .
         '''
@@ -543,7 +543,7 @@ class CfnBucket(
     @builtins.property
     @jsii.member(jsii_name="outpostId")
     def outpost_id(self) -> builtins.str:
-        '''The id of the customer outpost on which the bucket resides.'''
+        '''The ID of the Outpost of the specified bucket.'''
         return typing.cast(builtins.str, jsii.get(self, "outpostId"))
 
     @outpost_id.setter
@@ -1304,7 +1304,7 @@ class CfnBucketProps:
         '''Properties for defining a ``CfnBucket``.
 
         :param bucket_name: A name for the S3 on Outposts bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow `Amazon S3 bucket restrictions and limitations <https://docs.aws.amazon.com/AmazonS3/latest/userguide/BucketRestrictions.html>`_ . For more information, see `Bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/BucketRestrictions.html#bucketnamingrules>`_ . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
-        :param outpost_id: The id of the customer outpost on which the bucket resides.
+        :param outpost_id: The ID of the Outpost of the specified bucket.
         :param lifecycle_configuration: Creates a new lifecycle configuration for the S3 on Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads.
         :param tags: Sets the tags for an S3 on Outposts bucket. For more information, see `Using Amazon S3 on Outposts <https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html>`_ . Use tags to organize your AWS bill to reflect your own cost structure. To do this, sign up to get your AWS account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see `Cost allocation and tags <https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html>`_ . .. epigraph:: Within a bucket, if you add a tag that has the same key as an existing tag, the new value overwrites the old value. For more information, see `Using cost allocation and bucket tags <https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html>`_ . To use this resource, you must have permissions to perform the ``s3-outposts:PutBucketTagging`` . The S3 on Outposts bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see `Permissions Related to Bucket Subresource Operations <https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources>`_ and `Managing access permissions to your Amazon S3 resources <https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html>`_ .
 
@@ -1376,7 +1376,7 @@ class CfnBucketProps:
 
     @builtins.property
     def outpost_id(self) -> builtins.str:
-        '''The id of the customer outpost on which the bucket resides.
+        '''The ID of the Outpost of the specified bucket.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3outposts-bucket.html#cfn-s3outposts-bucket-outpostid
         '''
@@ -1478,7 +1478,7 @@ class CfnEndpoint(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param outpost_id: The id of the customer outpost on which the bucket resides.
+        :param outpost_id: The ID of the Outpost.
         :param security_group_id: The ID of the security group used for the endpoint.
         :param subnet_id: The ID of the subnet used for the endpoint.
         :param access_type: The container for the type of connectivity used to access the Amazon S3 on Outposts endpoint. To use the Amazon VPC , choose ``Private`` . To use the endpoint with an on-premises network, choose ``CustomerOwnedIp`` . If you choose ``CustomerOwnedIp`` , you must also provide the customer-owned IP address pool (CoIP pool). .. epigraph:: ``Private`` is the default access type value. Default: - "Private"
@@ -1592,7 +1592,7 @@ class CfnEndpoint(
     @builtins.property
     @jsii.member(jsii_name="outpostId")
     def outpost_id(self) -> builtins.str:
-        '''The id of the customer outpost on which the bucket resides.'''
+        '''The ID of the Outpost.'''
         return typing.cast(builtins.str, jsii.get(self, "outpostId"))
 
     @outpost_id.setter
@@ -1820,7 +1820,7 @@ class CfnEndpointProps:
     ) -> None:
         '''Properties for defining a ``CfnEndpoint``.
 
-        :param outpost_id: The id of the customer outpost on which the bucket resides.
+        :param outpost_id: The ID of the Outpost.
         :param security_group_id: The ID of the security group used for the endpoint.
         :param subnet_id: The ID of the subnet used for the endpoint.
         :param access_type: The container for the type of connectivity used to access the Amazon S3 on Outposts endpoint. To use the Amazon VPC , choose ``Private`` . To use the endpoint with an on-premises network, choose ``CustomerOwnedIp`` . If you choose ``CustomerOwnedIp`` , you must also provide the customer-owned IP address pool (CoIP pool). .. epigraph:: ``Private`` is the default access type value. Default: - "Private"
@@ -1872,7 +1872,7 @@ class CfnEndpointProps:
 
     @builtins.property
     def outpost_id(self) -> builtins.str:
-        '''The id of the customer outpost on which the bucket resides.
+        '''The ID of the Outpost.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3outposts-endpoint.html#cfn-s3outposts-endpoint-outpostid
         '''