aws-cdk-lib 2.117.0__py3-none-any.whl → 2.119.0__py3-none-any.whl

aws_cdk/aws_glue/__init__.py

@@ -3209,6 +3209,275 @@ class CfnCrawlerProps:
         )
 
 
+@jsii.implements(_IInspectable_c2943556)
+class CfnCustomEntityType(
+    _CfnResource_9df397a6,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_glue.CfnCustomEntityType",
+):
+    '''Creates a custom pattern that is used to detect sensitive data across the columns and rows of your structured data.
+
+    Each custom pattern you create specifies a regular expression and an optional list of context words. If no context words are passed only a regular expression is checked.
+
+    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-customentitytype.html
+    :cloudformationResource: AWS::Glue::CustomEntityType
+    :exampleMetadata: fixture=_generated
+
+    Example::
+
+        # The code below shows an example of how to instantiate this type.
+        # The values are placeholders you should change.
+        from aws_cdk import aws_glue as glue
+        
+        # tags: Any
+        
+        cfn_custom_entity_type = glue.CfnCustomEntityType(self, "MyCfnCustomEntityType",
+            context_words=["contextWords"],
+            name="name",
+            regex_string="regexString",
+            tags=tags
+        )
+    '''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        context_words: typing.Optional[typing.Sequence[builtins.str]] = None,
+        name: typing.Optional[builtins.str] = None,
+        regex_string: typing.Optional[builtins.str] = None,
+        tags: typing.Any = None,
+    ) -> None:
+        '''
+        :param scope: Scope in which this resource is defined.
+        :param id: Construct identifier for this resource (unique in its scope).
+        :param context_words: A list of context words. If none of these context words are found within the vicinity of the regular expression the data will not be detected as sensitive data. If no context words are passed only a regular expression is checked.
+        :param name: A name for the custom pattern that allows it to be retrieved or deleted later. This name must be unique per AWS account.
+        :param regex_string: A regular expression string that is used for detecting sensitive data in a custom pattern.
+        :param tags: 
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__513b5382e12edfa036d553799dc23a98aa5ab82a6014b0bf9734336e4df0b878)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = CfnCustomEntityTypeProps(
+            context_words=context_words,
+            name=name,
+            regex_string=regex_string,
+            tags=tags,
+        )
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+    @jsii.member(jsii_name="inspect")
+    def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
+        '''Examines the CloudFormation resource and discloses attributes.
+
+        :param inspector: tree inspector to collect and process attributes.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__f1161ed4cb74764a76ad0a2a8d9218348384b8c59f0f79872699c83d6a9671c3)
+            check_type(argname="argument inspector", value=inspector, expected_type=type_hints["inspector"])
+        return typing.cast(None, jsii.invoke(self, "inspect", [inspector]))
+
+    @jsii.member(jsii_name="renderProperties")
+    def _render_properties(
+        self,
+        props: typing.Mapping[builtins.str, typing.Any],
+    ) -> typing.Mapping[builtins.str, typing.Any]:
+        '''
+        :param props: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__5a44dbad5acfb5d1ab1a4900296aa7aa8dd3f89c6979168443c7cc1d42463a11)
+            check_type(argname="argument props", value=props, expected_type=type_hints["props"])
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderProperties", [props]))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="CFN_RESOURCE_TYPE_NAME")
+    def CFN_RESOURCE_TYPE_NAME(cls) -> builtins.str:
+        '''The CloudFormation resource type name for this resource class.'''
+        return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrId")
+    def attr_id(self) -> builtins.str:
+        '''
+        :cloudformationAttribute: Id
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrId"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cfnProperties")
+    def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
+
+    @builtins.property
+    @jsii.member(jsii_name="contextWords")
+    def context_words(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''A list of context words.'''
+        return typing.cast(typing.Optional[typing.List[builtins.str]], jsii.get(self, "contextWords"))
+
+    @context_words.setter
+    def context_words(self, value: typing.Optional[typing.List[builtins.str]]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__d9a1b7db0046368ee993569d7df3e7fd0804b6e98a87f04e557ae064873f7978)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "contextWords", value)
+
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> typing.Optional[builtins.str]:
+        '''A name for the custom pattern that allows it to be retrieved or deleted later.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "name"))
+
+    @name.setter
+    def name(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__d11901df483ca1c3600c4415a97269b90d2adfe324a4327071f30bddc8fc6369)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "name", value)
+
+    @builtins.property
+    @jsii.member(jsii_name="regexString")
+    def regex_string(self) -> typing.Optional[builtins.str]:
+        '''A regular expression string that is used for detecting sensitive data in a custom pattern.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "regexString"))
+
+    @regex_string.setter
+    def regex_string(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__258029d677ed510f6e111f28b88a3fd5ca710364677c254b86f15149c3939f01)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "regexString", value)
+
+    @builtins.property
+    @jsii.member(jsii_name="tags")
+    def tags(self) -> typing.Any:
+        return typing.cast(typing.Any, jsii.get(self, "tags"))
+
+    @tags.setter
+    def tags(self, value: typing.Any) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__004ded3c6afee7c54be15b960f2dfa901eda8ff5ffd11f03dc0ad21cd665d3e9)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "tags", value)
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_glue.CfnCustomEntityTypeProps",
+    jsii_struct_bases=[],
+    name_mapping={
+        "context_words": "contextWords",
+        "name": "name",
+        "regex_string": "regexString",
+        "tags": "tags",
+    },
+)
+class CfnCustomEntityTypeProps:
+    def __init__(
+        self,
+        *,
+        context_words: typing.Optional[typing.Sequence[builtins.str]] = None,
+        name: typing.Optional[builtins.str] = None,
+        regex_string: typing.Optional[builtins.str] = None,
+        tags: typing.Any = None,
+    ) -> None:
+        '''Properties for defining a ``CfnCustomEntityType``.
+
+        :param context_words: A list of context words. If none of these context words are found within the vicinity of the regular expression the data will not be detected as sensitive data. If no context words are passed only a regular expression is checked.
+        :param name: A name for the custom pattern that allows it to be retrieved or deleted later. This name must be unique per AWS account.
+        :param regex_string: A regular expression string that is used for detecting sensitive data in a custom pattern.
+        :param tags: 
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-customentitytype.html
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_glue as glue
+            
+            # tags: Any
+            
+            cfn_custom_entity_type_props = glue.CfnCustomEntityTypeProps(
+                context_words=["contextWords"],
+                name="name",
+                regex_string="regexString",
+                tags=tags
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__b89d4d1c0831361548b8a9b2f2dbfff2bf67857569a0c9b0cc33179f8c618967)
+            check_type(argname="argument context_words", value=context_words, expected_type=type_hints["context_words"])
+            check_type(argname="argument name", value=name, expected_type=type_hints["name"])
+            check_type(argname="argument regex_string", value=regex_string, expected_type=type_hints["regex_string"])
+            check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if context_words is not None:
+            self._values["context_words"] = context_words
+        if name is not None:
+            self._values["name"] = name
+        if regex_string is not None:
+            self._values["regex_string"] = regex_string
+        if tags is not None:
+            self._values["tags"] = tags
+
+    @builtins.property
+    def context_words(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''A list of context words.
+
+        If none of these context words are found within the vicinity of the regular expression the data will not be detected as sensitive data.
+
+        If no context words are passed only a regular expression is checked.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-customentitytype.html#cfn-glue-customentitytype-contextwords
+        '''
+        result = self._values.get("context_words")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+    @builtins.property
+    def name(self) -> typing.Optional[builtins.str]:
+        '''A name for the custom pattern that allows it to be retrieved or deleted later.
+
+        This name must be unique per AWS account.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-customentitytype.html#cfn-glue-customentitytype-name
+        '''
+        result = self._values.get("name")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def regex_string(self) -> typing.Optional[builtins.str]:
+        '''A regular expression string that is used for detecting sensitive data in a custom pattern.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-customentitytype.html#cfn-glue-customentitytype-regexstring
+        '''
+        result = self._values.get("regex_string")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def tags(self) -> typing.Any:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-customentitytype.html#cfn-glue-customentitytype-tags
+        '''
+        result = self._values.get("tags")
+        return typing.cast(typing.Any, result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "CfnCustomEntityTypeProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 @jsii.implements(_IInspectable_c2943556)
 class CfnDataCatalogEncryptionSettings(
     _CfnResource_9df397a6,
@@ -14312,6 +14581,8 @@ __all__ = [
     "CfnConnectionProps",
     "CfnCrawler",
     "CfnCrawlerProps",
+    "CfnCustomEntityType",
+    "CfnCustomEntityTypeProps",
     "CfnDataCatalogEncryptionSettings",
     "CfnDataCatalogEncryptionSettingsProps",
     "CfnDataQualityRuleset",
@@ -14741,6 +15012,64 @@ def _typecheckingstub__51125dcaf0f55fdaefa50d6b9c05a6e431008538b8ab24abc0fbe126f
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__513b5382e12edfa036d553799dc23a98aa5ab82a6014b0bf9734336e4df0b878(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    context_words: typing.Optional[typing.Sequence[builtins.str]] = None,
+    name: typing.Optional[builtins.str] = None,
+    regex_string: typing.Optional[builtins.str] = None,
+    tags: typing.Any = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__f1161ed4cb74764a76ad0a2a8d9218348384b8c59f0f79872699c83d6a9671c3(
+    inspector: _TreeInspector_488e0dd5,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__5a44dbad5acfb5d1ab1a4900296aa7aa8dd3f89c6979168443c7cc1d42463a11(
+    props: typing.Mapping[builtins.str, typing.Any],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__d9a1b7db0046368ee993569d7df3e7fd0804b6e98a87f04e557ae064873f7978(
+    value: typing.Optional[typing.List[builtins.str]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__d11901df483ca1c3600c4415a97269b90d2adfe324a4327071f30bddc8fc6369(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__258029d677ed510f6e111f28b88a3fd5ca710364677c254b86f15149c3939f01(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__004ded3c6afee7c54be15b960f2dfa901eda8ff5ffd11f03dc0ad21cd665d3e9(
+    value: typing.Any,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__b89d4d1c0831361548b8a9b2f2dbfff2bf67857569a0c9b0cc33179f8c618967(
+    *,
+    context_words: typing.Optional[typing.Sequence[builtins.str]] = None,
+    name: typing.Optional[builtins.str] = None,
+    regex_string: typing.Optional[builtins.str] = None,
+    tags: typing.Any = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__282fa6292001a27626ebcdd16c3756f6c1f39e2fce0bffe2aa07015e603b0c74(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,

aws_cdk/aws_iam/__init__.py

@@ -9869,27 +9869,34 @@ class PolicyStatement(
 ):
     '''Represents a statement in an IAM policy document.
 
-    :exampleMetadata: infused
+    :exampleMetadata: lit=aws-ec2/test/integ.vpc-endpoint.lit.ts infused
 
     Example::
 
-        cross_account_role_arn = "arn:aws:iam::OTHERACCOUNT:role/CrossAccountRoleName" # arn of role deployed in separate account
+        # Add gateway endpoints when creating the VPC
+        vpc = ec2.Vpc(self, "MyVpc",
+            gateway_endpoints={
+                "S3": cdk.aws_ec2.GatewayVpcEndpointOptions(
+                    service=ec2.GatewayVpcEndpointAwsService.S3
+                )
+            }
+        )
+        
+        # Alternatively gateway endpoints can be added on the VPC
+        dynamo_db_endpoint = vpc.add_gateway_endpoint("DynamoDbEndpoint",
+            service=ec2.GatewayVpcEndpointAwsService.DYNAMODB
+        )
         
-        call_region = "us-west-1" # sdk call to be made in specified region (optional)
+        # This allows to customize the endpoint policy
+        dynamo_db_endpoint.add_to_policy(
+            iam.PolicyStatement( # Restrict to listing and describing tables
+                principals=[iam.AnyPrincipal()],
+                actions=["dynamodb:DescribeTable", "dynamodb:ListTables"],
+                resources=["*"]))
         
-        cr.AwsCustomResource(self, "CrossAccount",
-            on_create=cr.AwsSdkCall(
-                assumed_role_arn=cross_account_role_arn,
-                region=call_region,  # optional
-                service="sts",
-                action="GetCallerIdentity",
-                physical_resource_id=cr.PhysicalResourceId.of("id")
-            ),
-            policy=cr.AwsCustomResourcePolicy.from_statements([iam.PolicyStatement.from_json({
-                "Effect": "Allow",
-                "Action": "sts:AssumeRole",
-                "Resource": cross_account_role_arn
-            })])
+        # Add an interface endpoint
+        vpc.add_interface_endpoint("EcrDockerEndpoint",
+            service=ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER
         )
     '''
 
@@ -12726,6 +12733,20 @@ class PrincipalWithConditions(
             check_type(argname="argument conditions", value=conditions, expected_type=type_hints["conditions"])
         return typing.cast(None, jsii.invoke(self, "addConditions", [conditions]))
 
+    @jsii.member(jsii_name="addToAssumeRolePolicy")
+    def add_to_assume_role_policy(self, doc: PolicyDocument) -> None:
+        '''Add the principal to the AssumeRolePolicyDocument.
+
+        Add the statements to the AssumeRolePolicyDocument necessary to give this principal
+        permissions to assume the given role.
+
+        :param doc: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__9f3b5797da3ed30fffb5a07fdbc780cf2bb80f8c955f12f28429742fe81076d9)
+            check_type(argname="argument doc", value=doc, expected_type=type_hints["doc"])
+        return typing.cast(None, jsii.invoke(self, "addToAssumeRolePolicy", [doc]))
+
     @jsii.member(jsii_name="addToPolicy")
     def add_to_policy(self, statement: PolicyStatement) -> builtins.bool:
         '''Add to the policy of this principal.
@@ -12829,17 +12850,16 @@ class Role(
 
     Example::
 
-        lambda_role = iam.Role(self, "Role",
-            assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"),
-            description="Example role..."
+        # definition: sfn.IChainable
+        role = iam.Role(self, "Role",
+            assumed_by=iam.ServicePrincipal("lambda.amazonaws.com")
         )
-        
-        stream = kinesis.Stream(self, "MyEncryptedStream",
-            encryption=kinesis.StreamEncryption.KMS
+        state_machine = sfn.StateMachine(self, "StateMachine",
+            definition_body=sfn.DefinitionBody.from_chainable(definition)
         )
         
-        # give lambda permissions to read stream
-        stream.grant_read(lambda_role)
+        # Give role permission to get execution history of ALL executions for the state machine
+        state_machine.grant_execution(role, "states:GetExecutionHistory")
     '''
 
     def __init__(
@@ -16594,6 +16614,12 @@ def _typecheckingstub__06f98d5139c999f6bf39f7d3b6b83cf4b629160f211cfac70b66df210
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__9f3b5797da3ed30fffb5a07fdbc780cf2bb80f8c955f12f28429742fe81076d9(
+    doc: PolicyDocument,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__de4963000e34b16a5638f4c44067171e566faa24c22a4a7cc74d90b52ec2976a(
     statement: PolicyStatement,
 ) -> None: