aws-cdk-lib 2.117.0__py3-none-any.whl → 2.119.0__py3-none-any.whl

aws_cdk/aws_redshift/__init__.py

@@ -118,7 +118,9 @@ class CfnCluster(
                 s3_key_prefix="s3KeyPrefix"
             ),
             maintenance_track_name="maintenanceTrackName",
+            manage_master_password=False,
             manual_snapshot_retention_period=123,
+            master_password_secret_kms_key_id="masterPasswordSecretKmsKeyId",
             master_user_password="masterUserPassword",
             multi_az=False,
             namespace_resource_policy=namespace_resource_policy,
@@ -179,7 +181,9 @@ class CfnCluster(
         kms_key_id: typing.Optional[builtins.str] = None,
         logging_properties: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnCluster.LoggingPropertiesProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         maintenance_track_name: typing.Optional[builtins.str] = None,
+        manage_master_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         manual_snapshot_retention_period: typing.Optional[jsii.Number] = None,
+        master_password_secret_kms_key_id: typing.Optional[builtins.str] = None,
         master_user_password: typing.Optional[builtins.str] = None,
         multi_az: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         namespace_resource_policy: typing.Any = None,
@@ -233,7 +237,9 @@ class CfnCluster(
         :param kms_key_id: The AWS Key Management Service (KMS) key ID of the encryption key that you want to use to encrypt data in the cluster.
         :param logging_properties: Specifies logging information, such as queries and connection attempts, for the specified Amazon Redshift cluster.
         :param maintenance_track_name: An optional parameter for the name of the maintenance track for the cluster. If you don't provide a maintenance track name, the cluster is assigned to the ``current`` track.
+        :param manage_master_password: A boolean indicating if the redshift cluster's admin user credentials is managed by Redshift or not. You can't use MasterUserPassword if ManageMasterPassword is true. If ManageMasterPassword is false or not set, Amazon Redshift uses MasterUserPassword for the admin user account's password.
         :param manual_snapshot_retention_period: The default number of days to retain a manual snapshot. If the value is -1, the snapshot is retained indefinitely. This setting doesn't change the retention period of existing snapshots. The value must be either -1 or an integer between 1 and 3,653.
+        :param master_password_secret_kms_key_id: The ID of the Key Management Service (KMS) key used to encrypt and store the cluster's admin user credentials secret.
         :param master_user_password: The password associated with the admin user account for the cluster that is being created. You can't use ``MasterUserPassword`` if ``ManageMasterPassword`` is ``true`` . Constraints: - Must be between 8 and 64 characters in length. - Must contain at least one uppercase letter. - Must contain at least one lowercase letter. - Must contain one number. - Can be any printable ASCII character (ASCII code 33-126) except ``'`` (single quote), ``"`` (double quote), ``\\`` , ``/`` , or ``@`` .
         :param multi_az: A boolean indicating whether Amazon Redshift should deploy the cluster in two Availability Zones. The default is false.
         :param namespace_resource_policy: The namespace resource policy document that will be attached to a Redshift cluster.
@@ -289,7 +295,9 @@ class CfnCluster(
             kms_key_id=kms_key_id,
             logging_properties=logging_properties,
             maintenance_track_name=maintenance_track_name,
+            manage_master_password=manage_master_password,
             manual_snapshot_retention_period=manual_snapshot_retention_period,
+            master_password_secret_kms_key_id=master_password_secret_kms_key_id,
             master_user_password=master_user_password,
             multi_az=multi_az,
             namespace_resource_policy=namespace_resource_policy,
@@ -389,6 +397,15 @@ class CfnCluster(
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrId"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrMasterPasswordSecretArn")
+    def attr_master_password_secret_arn(self) -> builtins.str:
+        '''The Amazon Resource Name (ARN) for the cluster's admin user credentials secret.
+
+        :cloudformationAttribute: MasterPasswordSecretArn
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrMasterPasswordSecretArn"))
+
     @builtins.property
     @jsii.member(jsii_name="cfnProperties")
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
@@ -867,6 +884,24 @@ class CfnCluster(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "maintenanceTrackName", value)
 
+    @builtins.property
+    @jsii.member(jsii_name="manageMasterPassword")
+    def manage_master_password(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''A boolean indicating if the redshift cluster's admin user credentials is managed by Redshift or not.'''
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "manageMasterPassword"))
+
+    @manage_master_password.setter
+    def manage_master_password(
+        self,
+        value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__080a467a54b42730471573ef0e1a0c26e7b4f7d5ec0a07e9f75f4d8e6d3e25bf)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "manageMasterPassword", value)
+
     @builtins.property
     @jsii.member(jsii_name="manualSnapshotRetentionPeriod")
     def manual_snapshot_retention_period(self) -> typing.Optional[jsii.Number]:
@@ -883,6 +918,22 @@ class CfnCluster(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "manualSnapshotRetentionPeriod", value)
 
+    @builtins.property
+    @jsii.member(jsii_name="masterPasswordSecretKmsKeyId")
+    def master_password_secret_kms_key_id(self) -> typing.Optional[builtins.str]:
+        '''The ID of the Key Management Service (KMS) key used to encrypt and store the cluster's admin user credentials secret.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "masterPasswordSecretKmsKeyId"))
+
+    @master_password_secret_kms_key_id.setter
+    def master_password_secret_kms_key_id(
+        self,
+        value: typing.Optional[builtins.str],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__e26594c22a23597c2bcb39be035e857bb61d132ed89a50d4d58e1a8f8c369e12)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "masterPasswordSecretKmsKeyId", value)
+
     @builtins.property
     @jsii.member(jsii_name="masterUserPassword")
     def master_user_password(self) -> typing.Optional[builtins.str]:
@@ -1740,7 +1791,9 @@ class CfnClusterParameterGroupProps:
         "kms_key_id": "kmsKeyId",
         "logging_properties": "loggingProperties",
         "maintenance_track_name": "maintenanceTrackName",
+        "manage_master_password": "manageMasterPassword",
         "manual_snapshot_retention_period": "manualSnapshotRetentionPeriod",
+        "master_password_secret_kms_key_id": "masterPasswordSecretKmsKeyId",
         "master_user_password": "masterUserPassword",
         "multi_az": "multiAz",
         "namespace_resource_policy": "namespaceResourcePolicy",
@@ -1796,7 +1849,9 @@ class CfnClusterProps:
         kms_key_id: typing.Optional[builtins.str] = None,
         logging_properties: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnCluster.LoggingPropertiesProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         maintenance_track_name: typing.Optional[builtins.str] = None,
+        manage_master_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         manual_snapshot_retention_period: typing.Optional[jsii.Number] = None,
+        master_password_secret_kms_key_id: typing.Optional[builtins.str] = None,
         master_user_password: typing.Optional[builtins.str] = None,
         multi_az: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         namespace_resource_policy: typing.Any = None,
@@ -1849,7 +1904,9 @@ class CfnClusterProps:
         :param kms_key_id: The AWS Key Management Service (KMS) key ID of the encryption key that you want to use to encrypt data in the cluster.
         :param logging_properties: Specifies logging information, such as queries and connection attempts, for the specified Amazon Redshift cluster.
         :param maintenance_track_name: An optional parameter for the name of the maintenance track for the cluster. If you don't provide a maintenance track name, the cluster is assigned to the ``current`` track.
+        :param manage_master_password: A boolean indicating if the redshift cluster's admin user credentials is managed by Redshift or not. You can't use MasterUserPassword if ManageMasterPassword is true. If ManageMasterPassword is false or not set, Amazon Redshift uses MasterUserPassword for the admin user account's password.
         :param manual_snapshot_retention_period: The default number of days to retain a manual snapshot. If the value is -1, the snapshot is retained indefinitely. This setting doesn't change the retention period of existing snapshots. The value must be either -1 or an integer between 1 and 3,653.
+        :param master_password_secret_kms_key_id: The ID of the Key Management Service (KMS) key used to encrypt and store the cluster's admin user credentials secret.
         :param master_user_password: The password associated with the admin user account for the cluster that is being created. You can't use ``MasterUserPassword`` if ``ManageMasterPassword`` is ``true`` . Constraints: - Must be between 8 and 64 characters in length. - Must contain at least one uppercase letter. - Must contain at least one lowercase letter. - Must contain one number. - Can be any printable ASCII character (ASCII code 33-126) except ``'`` (single quote), ``"`` (double quote), ``\\`` , ``/`` , or ``@`` .
         :param multi_az: A boolean indicating whether Amazon Redshift should deploy the cluster in two Availability Zones. The default is false.
         :param namespace_resource_policy: The namespace resource policy document that will be attached to a Redshift cluster.
@@ -1920,7 +1977,9 @@ class CfnClusterProps:
                     s3_key_prefix="s3KeyPrefix"
                 ),
                 maintenance_track_name="maintenanceTrackName",
+                manage_master_password=False,
                 manual_snapshot_retention_period=123,
+                master_password_secret_kms_key_id="masterPasswordSecretKmsKeyId",
                 master_user_password="masterUserPassword",
                 multi_az=False,
                 namespace_resource_policy=namespace_resource_policy,
@@ -1977,7 +2036,9 @@ class CfnClusterProps:
             check_type(argname="argument kms_key_id", value=kms_key_id, expected_type=type_hints["kms_key_id"])
             check_type(argname="argument logging_properties", value=logging_properties, expected_type=type_hints["logging_properties"])
             check_type(argname="argument maintenance_track_name", value=maintenance_track_name, expected_type=type_hints["maintenance_track_name"])
+            check_type(argname="argument manage_master_password", value=manage_master_password, expected_type=type_hints["manage_master_password"])
             check_type(argname="argument manual_snapshot_retention_period", value=manual_snapshot_retention_period, expected_type=type_hints["manual_snapshot_retention_period"])
+            check_type(argname="argument master_password_secret_kms_key_id", value=master_password_secret_kms_key_id, expected_type=type_hints["master_password_secret_kms_key_id"])
             check_type(argname="argument master_user_password", value=master_user_password, expected_type=type_hints["master_user_password"])
             check_type(argname="argument multi_az", value=multi_az, expected_type=type_hints["multi_az"])
             check_type(argname="argument namespace_resource_policy", value=namespace_resource_policy, expected_type=type_hints["namespace_resource_policy"])
@@ -2056,8 +2117,12 @@ class CfnClusterProps:
             self._values["logging_properties"] = logging_properties
         if maintenance_track_name is not None:
             self._values["maintenance_track_name"] = maintenance_track_name
+        if manage_master_password is not None:
+            self._values["manage_master_password"] = manage_master_password
         if manual_snapshot_retention_period is not None:
             self._values["manual_snapshot_retention_period"] = manual_snapshot_retention_period
+        if master_password_secret_kms_key_id is not None:
+            self._values["master_password_secret_kms_key_id"] = master_password_secret_kms_key_id
         if master_user_password is not None:
             self._values["master_user_password"] = master_user_password
         if multi_az is not None:
@@ -2493,6 +2558,19 @@ class CfnClusterProps:
         result = self._values.get("maintenance_track_name")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def manage_master_password(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''A boolean indicating if the redshift cluster's admin user credentials is managed by Redshift or not.
+
+        You can't use MasterUserPassword if ManageMasterPassword is true. If ManageMasterPassword is false or not set, Amazon Redshift uses MasterUserPassword for the admin user account's password.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html#cfn-redshift-cluster-managemasterpassword
+        '''
+        result = self._values.get("manage_master_password")
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+
     @builtins.property
     def manual_snapshot_retention_period(self) -> typing.Optional[jsii.Number]:
         '''The default number of days to retain a manual snapshot.
@@ -2506,6 +2584,15 @@ class CfnClusterProps:
         result = self._values.get("manual_snapshot_retention_period")
         return typing.cast(typing.Optional[jsii.Number], result)
 
+    @builtins.property
+    def master_password_secret_kms_key_id(self) -> typing.Optional[builtins.str]:
+        '''The ID of the Key Management Service (KMS) key used to encrypt and store the cluster's admin user credentials secret.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html#cfn-redshift-cluster-masterpasswordsecretkmskeyid
+        '''
+        result = self._values.get("master_password_secret_kms_key_id")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def master_user_password(self) -> typing.Optional[builtins.str]:
         '''The password associated with the admin user account for the cluster that is being created.
@@ -5847,7 +5934,9 @@ def _typecheckingstub__f6d25f70797e3ae67b635ec776926582ff0be975c8173c4af217f7f6e
     kms_key_id: typing.Optional[builtins.str] = None,
     logging_properties: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnCluster.LoggingPropertiesProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     maintenance_track_name: typing.Optional[builtins.str] = None,
+    manage_master_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     manual_snapshot_retention_period: typing.Optional[jsii.Number] = None,
+    master_password_secret_kms_key_id: typing.Optional[builtins.str] = None,
     master_user_password: typing.Optional[builtins.str] = None,
     multi_az: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     namespace_resource_policy: typing.Any = None,
@@ -6068,12 +6157,24 @@ def _typecheckingstub__fdec41d5a2f886a294c35cbf10b6f505571be31e2c00a5a1c57a87a34
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__080a467a54b42730471573ef0e1a0c26e7b4f7d5ec0a07e9f75f4d8e6d3e25bf(
+    value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__47928702ad781fa3915ff0f5068c3b692ff5d8d891b871ca8319d3632cdffe22(
     value: typing.Optional[jsii.Number],
 ) -> None:
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__e26594c22a23597c2bcb39be035e857bb61d132ed89a50d4d58e1a8f8c369e12(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__15113bc0292eb3a900fcad9d620cd08c320a19dfce07db8d055112a353c48cba(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -6305,7 +6406,9 @@ def _typecheckingstub__88d0d566c2d2524449f4cc4b794952814b68b5dcd5494f1bcdf5b417e
     kms_key_id: typing.Optional[builtins.str] = None,
     logging_properties: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnCluster.LoggingPropertiesProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     maintenance_track_name: typing.Optional[builtins.str] = None,
+    manage_master_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     manual_snapshot_retention_period: typing.Optional[jsii.Number] = None,
+    master_password_secret_kms_key_id: typing.Optional[builtins.str] = None,
     master_user_password: typing.Optional[builtins.str] = None,
     multi_az: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     namespace_resource_policy: typing.Any = None,

aws_cdk/aws_route53/__init__.py

@@ -185,7 +185,7 @@ route53.ARecord(self, "ARecord",
 ### Cross Account Zone Delegation
 
 If you want to have your root domain hosted zone in one account and your subdomain hosted
-zone in a diferent one, you can use `CrossAccountZoneDelegationRecord` to set up delegation
+zone in a different one, you can use `CrossAccountZoneDelegationRecord` to set up delegation
 between them.
 
 In the account containing the parent hosted zone:
@@ -198,7 +198,36 @@ cross_account_role = iam.Role(self, "CrossAccountRole",
     # The role name must be predictable
     role_name="MyDelegationRole",
     # The other account
-    assumed_by=iam.AccountPrincipal("12345678901")
+    assumed_by=iam.AccountPrincipal("12345678901"),
+    # You can scope down this role policy to be least privileged.
+    # If you want the other account to be able to manage specific records,
+    # you can scope down by resource and/or normalized record names
+    inline_policies={
+        "cross_account_policy": iam.PolicyDocument(
+            statements=[
+                iam.PolicyStatement(
+                    sid="ListHostedZonesByName",
+                    effect=iam.Effect.ALLOW,
+                    actions=["route53:ListHostedZonesByName"],
+                    resources=["*"]
+                ),
+                iam.PolicyStatement(
+                    sid="GetHostedZoneAndChangeResourceRecordSet",
+                    effect=iam.Effect.ALLOW,
+                    actions=["route53:GetHostedZone", "route53:ChangeResourceRecordSet"],
+                    # This example assumes the RecordSet subdomain.somexample.com
+                    # is contained in the HostedZone
+                    resources=["arn:aws:route53:::hostedzone/HZID00000000000000000"],
+                    conditions={
+                        "ForAllValues:StringLike": {
+                            "route53:ChangeResourceRecordSetsNormalizedRecordNames": ["subdomain.someexample.com"
+                            ]
+                        }
+                    }
+                )
+            ]
+        )
+    }
 )
 parent_zone.grant_delegation(cross_account_role)
 ```
@@ -6649,26 +6678,45 @@ class PublicHostedZoneProps(CommonHostedZoneProps):
 
         Example::
 
-            sub_zone = route53.PublicHostedZone(self, "SubZone",
-                zone_name="sub.someexample.com"
+            parent_zone = route53.PublicHostedZone(self, "HostedZone",
+                zone_name="someexample.com"
             )
-            
-            # import the delegation role by constructing the roleArn
-            delegation_role_arn = Stack.of(self).format_arn(
-                region="",  # IAM is global in each partition
-                service="iam",
-                account="parent-account-id",
-                resource="role",
-                resource_name="MyDelegationRole"
-            )
-            delegation_role = iam.Role.from_role_arn(self, "DelegationRole", delegation_role_arn)
-            
-            # create the record
-            route53.CrossAccountZoneDelegationRecord(self, "delegate",
-                delegated_zone=sub_zone,
-                parent_hosted_zone_name="someexample.com",  # or you can use parentHostedZoneId
-                delegation_role=delegation_role
+            cross_account_role = iam.Role(self, "CrossAccountRole",
+                # The role name must be predictable
+                role_name="MyDelegationRole",
+                # The other account
+                assumed_by=iam.AccountPrincipal("12345678901"),
+                # You can scope down this role policy to be least privileged.
+                # If you want the other account to be able to manage specific records,
+                # you can scope down by resource and/or normalized record names
+                inline_policies={
+                    "cross_account_policy": iam.PolicyDocument(
+                        statements=[
+                            iam.PolicyStatement(
+                                sid="ListHostedZonesByName",
+                                effect=iam.Effect.ALLOW,
+                                actions=["route53:ListHostedZonesByName"],
+                                resources=["*"]
+                            ),
+                            iam.PolicyStatement(
+                                sid="GetHostedZoneAndChangeResourceRecordSet",
+                                effect=iam.Effect.ALLOW,
+                                actions=["route53:GetHostedZone", "route53:ChangeResourceRecordSet"],
+                                # This example assumes the RecordSet subdomain.somexample.com
+                                # is contained in the HostedZone
+                                resources=["arn:aws:route53:::hostedzone/HZID00000000000000000"],
+                                conditions={
+                                    "ForAllValues:StringLike": {
+                                        "route53:ChangeResourceRecordSetsNormalizedRecordNames": ["subdomain.someexample.com"
+                                        ]
+                                    }
+                                }
+                            )
+                        ]
+                    )
+                }
             )
+            parent_zone.grant_delegation(cross_account_role)
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__b51e553dd18a8a033ac24f091492db4b2bc8c672421ced82613174be3995dcdf)

aws_cdk/aws_s3/__init__.py

@@ -6976,7 +6976,7 @@ class CfnBucket(
 
             S3 Object Ownership is an Amazon S3 bucket-level setting that you can use to disable access control lists (ACLs) and take ownership of every object in your bucket, simplifying access management for data stored in Amazon S3. For more information, see `Controlling ownership of objects and disabling ACLs <https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html>`_ in the *Amazon S3 User Guide* .
 
-            :param object_ownership: Specifies an Object Ownership rule. *Allowed values* : ``BucketOwnerEnforced`` | ``ObjectWriter`` | ``BucketOwnerPreferred``
+            :param object_ownership: Specifies an object ownership rule.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ownershipcontrolsrule.html
             :exampleMetadata: fixture=_generated
@@ -7000,9 +7000,7 @@ class CfnBucket(
 
         @builtins.property
         def object_ownership(self) -> typing.Optional[builtins.str]:
-            '''Specifies an Object Ownership rule.
-
-            *Allowed values* : ``BucketOwnerEnforced`` | ``ObjectWriter`` | ``BucketOwnerPreferred``
+            '''Specifies an object ownership rule.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ownershipcontrolsrule.html#cfn-s3-bucket-ownershipcontrolsrule-objectownership
             '''

aws_cdk/aws_s3objectlambda/__init__.py

@@ -846,7 +846,7 @@ class CfnAccessPoint(
         ) -> None:
             '''A configuration used when creating an Object Lambda Access Point transformation.
 
-            :param actions: A container for the action of an Object Lambda Access Point configuration. Valid inputs are ``GetObject`` , ``HeadObject`` , ``ListObject`` , and ``ListObjectV2`` .
+            :param actions: A container for the action of an Object Lambda Access Point configuration. Valid inputs are ``GetObject`` , ``HeadObject`` , ``ListObjects`` , and ``ListObjectsV2`` .
             :param content_transformation: A container for the content transformation of an Object Lambda Access Point configuration. Can include the FunctionArn and FunctionPayload. For more information, see `AwsLambdaTransformation <https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_AwsLambdaTransformation.html>`_ in the *Amazon S3 API Reference* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3objectlambda-accesspoint-transformationconfiguration.html
@@ -878,7 +878,7 @@ class CfnAccessPoint(
         def actions(self) -> typing.List[builtins.str]:
             '''A container for the action of an Object Lambda Access Point configuration.
 
-            Valid inputs are ``GetObject`` , ``HeadObject`` , ``ListObject`` , and ``ListObjectV2`` .
+            Valid inputs are ``GetObject`` , ``HeadObject`` , ``ListObjects`` , and ``ListObjectsV2`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3objectlambda-accesspoint-transformationconfiguration.html#cfn-s3objectlambda-accesspoint-transformationconfiguration-actions
             '''

aws_cdk/aws_servicecatalogappregistry/__init__.py

@@ -151,9 +151,9 @@ class CfnApplication(
     @builtins.property
     @jsii.member(jsii_name="attrApplicationTagKey")
     def attr_application_tag_key(self) -> builtins.str:
-        '''The key of the AWS application tag, which is ``awsApplication`` .
+        '''The key of the AWS application tag, which is awsApplication.
 
-        Applications created before 11/13/2023 or applications without the ``AppTag`` linked resource group return no value.
+        Applications created before 11/13/2023 or applications without the AWS application tag resource group return no value.
 
         :cloudformationAttribute: ApplicationTagKey
         '''
@@ -164,7 +164,7 @@ class CfnApplication(
     def attr_application_tag_value(self) -> builtins.str:
         '''The value of the AWS application tag, which is the identifier of an associated resource.
 
-        Applications created before 11/13/2023 or applications without the ``AppTag`` linked resource group return no value.
+        Applications created before 11/13/2023 or applications without the AWS application tag resource group return no value.
 
         :cloudformationAttribute: ApplicationTagValue
         '''

aws_cdk/aws_signer/__init__.py

@@ -833,6 +833,20 @@ class Platform(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_signer.Platfo
         )
     '''
 
+    @jsii.member(jsii_name="of")
+    @builtins.classmethod
+    def of(cls, platform_id: builtins.str) -> "Platform":
+        '''Custom signing profile platform.
+
+        :param platform_id: - The id of signing platform.
+
+        :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-signer-signingprofile.html#cfn-signer-signingprofile-platformid
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__d87af39f6269f8a900ddd70cc76e7c44cea15649627230d7b387b9814c9d1672)
+            check_type(argname="argument platform_id", value=platform_id, expected_type=type_hints["platform_id"])
+        return typing.cast("Platform", jsii.sinvoke(cls, "of", [platform_id]))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="AMAZON_FREE_RTOS_DEFAULT")
     def AMAZON_FREE_RTOS_DEFAULT(cls) -> "Platform":
@@ -857,13 +871,16 @@ class Platform(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_signer.Platfo
         '''Specification of signature format and signing algorithms for AWS Lambda.'''
         return typing.cast("Platform", jsii.sget(cls, "AWS_LAMBDA_SHA384_ECDSA"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="NOTATION_OCI_SHA384_ECDSA")
+    def NOTATION_OCI_SHA384_ECDSA(cls) -> "Platform":
+        '''Specification of signature format and signing algorithms with SHA256 hash and ECDSA encryption for container registries with notation.'''
+        return typing.cast("Platform", jsii.sget(cls, "NOTATION_OCI_SHA384_ECDSA"))
+
     @builtins.property
     @jsii.member(jsii_name="platformId")
     def platform_id(self) -> builtins.str:
-        '''The id of signing platform.
-
-        :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-signer-signingprofile.html#cfn-signer-signingprofile-platformid
-        '''
+        '''- The id of signing platform.'''
         return typing.cast(builtins.str, jsii.get(self, "platformId"))
 
 
@@ -1284,6 +1301,12 @@ def _typecheckingstub__9e40d7ccf57c93b4e1db5a4e6b98b562bce8ff86b219931d0d4cfb16a
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__d87af39f6269f8a900ddd70cc76e7c44cea15649627230d7b387b9814c9d1672(
+    platform_id: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__98d9bc1982105f0416e608780fc4048b7d0a29f62734adc8b7c72c6ddb875169(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,