aws-cdk-lib 2.117.0__py3-none-any.whl → 2.119.0__py3-none-any.whl

aws_cdk/aws_ssm/__init__.py

@@ -5110,6 +5110,7 @@ class CfnPatchBaseline(
             approved_patches=["approvedPatches"],
             approved_patches_compliance_level="approvedPatchesComplianceLevel",
             approved_patches_enable_non_security=False,
+            default_baseline=False,
             description="description",
             global_filters=ssm.CfnPatchBaseline.PatchFilterGroupProperty(
                 patch_filters=[ssm.CfnPatchBaseline.PatchFilterProperty(
@@ -5143,6 +5144,7 @@ class CfnPatchBaseline(
         approved_patches: typing.Optional[typing.Sequence[builtins.str]] = None,
         approved_patches_compliance_level: typing.Optional[builtins.str] = None,
         approved_patches_enable_non_security: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        default_baseline: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         description: typing.Optional[builtins.str] = None,
         global_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnPatchBaseline.PatchFilterGroupProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         operating_system: typing.Optional[builtins.str] = None,
@@ -5158,14 +5160,15 @@ class CfnPatchBaseline(
         :param name: The name of the patch baseline.
         :param approval_rules: A set of rules used to include patches in the baseline.
         :param approved_patches: A list of explicitly approved patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `About package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
-        :param approved_patches_compliance_level: Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is ``UNSPECIFIED`` .
-        :param approved_patches_enable_non_security: Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is ``false`` . Applies to Linux managed nodes only.
+        :param approved_patches_compliance_level: Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is ``UNSPECIFIED`` . Default: - "UNSPECIFIED"
+        :param approved_patches_enable_non_security: Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is ``false`` . Applies to Linux managed nodes only. Default: - false
+        :param default_baseline: Set the baseline as default baseline. Only registering to default patch baseline is allowed. Default: - false
         :param description: A description of the patch baseline.
         :param global_filters: A set of global filters used to include patches in the baseline.
-        :param operating_system: Defines the operating system the patch baseline applies to. The default value is ``WINDOWS`` .
+        :param operating_system: Defines the operating system the patch baseline applies to. The default value is ``WINDOWS`` . Default: - "WINDOWS"
         :param patch_groups: The name of the patch group to be registered with the patch baseline.
         :param rejected_patches: A list of explicitly rejected patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `About package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
-        :param rejected_patches_action: The action for Patch Manager to take on patches included in the ``RejectedPackages`` list. - *``ALLOW_AS_DEPENDENCY``* : A package in the ``Rejected`` patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as ``InstalledOther`` . This is the default action if no option is specified. - *``BLOCK``* : Packages in the ``RejectedPatches`` list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as ``InstalledRejected`` .
+        :param rejected_patches_action: The action for Patch Manager to take on patches included in the ``RejectedPackages`` list. - *``ALLOW_AS_DEPENDENCY``* : A package in the ``Rejected`` patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as ``InstalledOther`` . This is the default action if no option is specified. - *``BLOCK``* : Packages in the ``RejectedPatches`` list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as ``InstalledRejected`` . Default: - "ALLOW_AS_DEPENDENCY"
         :param sources: Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.
         :param tags: Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to.
         '''
@@ -5179,6 +5182,7 @@ class CfnPatchBaseline(
             approved_patches=approved_patches,
             approved_patches_compliance_level=approved_patches_compliance_level,
             approved_patches_enable_non_security=approved_patches_enable_non_security,
+            default_baseline=default_baseline,
             description=description,
             global_filters=global_filters,
             operating_system=operating_system,
@@ -5224,7 +5228,8 @@ class CfnPatchBaseline(
     @builtins.property
     @jsii.member(jsii_name="attrId")
     def attr_id(self) -> builtins.str:
-        '''
+        '''The ID of the patch baseline.
+
         :cloudformationAttribute: Id
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrId"))
@@ -5321,6 +5326,24 @@ class CfnPatchBaseline(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "approvedPatchesEnableNonSecurity", value)
 
+    @builtins.property
+    @jsii.member(jsii_name="defaultBaseline")
+    def default_baseline(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''Set the baseline as default baseline.'''
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "defaultBaseline"))
+
+    @default_baseline.setter
+    def default_baseline(
+        self,
+        value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__a82f38addd776fccd7d2225bc356d9a6e4dc42b938cbf56c083c34cd4994c239)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "defaultBaseline", value)
+
     @builtins.property
     @jsii.member(jsii_name="description")
     def description(self) -> typing.Optional[builtins.str]:
@@ -5597,11 +5620,11 @@ class CfnPatchBaseline(
         ) -> None:
             '''``PatchSource`` is the property type for the ``Sources`` resource of the `AWS::SSM::PatchBaseline <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html>`_ resource.
 
-            The AWS CloudFormation ``AWS::SSM::PatchSource`` resource is used to provide information about the patches to use to update target instances, including target operating systems and source repository. Applies to Linux instances only.
+            The AWS CloudFormation ``AWS::SSM::PatchSource`` resource is used to provide information about the patches to use to update target instances, including target operating systems and source repository. Applies to Linux managed nodes only.
 
             :param configuration: The value of the yum repo configuration. For example:. ``[main]`` ``name=MyCustomRepository`` ``baseurl=https://my-custom-repository`` ``enabled=1`` .. epigraph:: For information about other options available for your yum repository configuration, see `dnf.conf(5) <https://docs.aws.amazon.com/https://man7.org/linux/man-pages/man5/dnf.conf.5.html>`_ .
             :param name: The name specified to identify the patch source.
-            :param products: The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see `PatchFilter <https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PatchFilter.html>`_ in the *AWS Systems Manager API Reference* .
+            :param products: The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see `PatchFilter <https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PatchFilter.html>`_ in the *AWS Systems Manager API Reference* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssm-patchbaseline-patchsource.html
             :exampleMetadata: fixture=_generated
@@ -5662,7 +5685,7 @@ class CfnPatchBaseline(
 
         @builtins.property
         def products(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see `PatchFilter <https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PatchFilter.html>`_ in the *AWS Systems Manager API Reference* .
+            '''The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see `PatchFilter <https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PatchFilter.html>`_ in the *AWS Systems Manager API Reference* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssm-patchbaseline-patchsource.html#cfn-ssm-patchbaseline-patchsource-products
             '''
@@ -5778,7 +5801,7 @@ class CfnPatchBaseline(
             :param approve_after_days: The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of ``7`` means that patches are approved seven days after they are released. You must specify a value for ``ApproveAfterDays`` . Exception: Not supported on Debian Server or Ubuntu Server.
             :param approve_until_date: The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Not supported on Debian Server or Ubuntu Server. Enter dates in the format ``YYYY-MM-DD`` . For example, ``2021-12-31`` .
             :param compliance_level: A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: ``UNSPECIFIED`` , ``CRITICAL`` , ``HIGH`` , ``MEDIUM`` , ``LOW`` , and ``INFORMATIONAL`` .
-            :param enable_non_security: For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is ``false`` . Applies to Linux managed nodes only.
+            :param enable_non_security: For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is ``false`` . Applies to Linux managed nodes only. Default: - false
             :param patch_filter_group: The patch filter group that defines the criteria for the rule.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssm-patchbaseline-rule.html
@@ -5869,6 +5892,8 @@ class CfnPatchBaseline(
 
             The default value is ``false`` . Applies to Linux managed nodes only.
 
+            :default: - false
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssm-patchbaseline-rule.html#cfn-ssm-patchbaseline-rule-enablenonsecurity
             '''
             result = self._values.get("enable_non_security")
@@ -5906,6 +5931,7 @@ class CfnPatchBaseline(
         "approved_patches": "approvedPatches",
         "approved_patches_compliance_level": "approvedPatchesComplianceLevel",
         "approved_patches_enable_non_security": "approvedPatchesEnableNonSecurity",
+        "default_baseline": "defaultBaseline",
         "description": "description",
         "global_filters": "globalFilters",
         "operating_system": "operatingSystem",
@@ -5925,6 +5951,7 @@ class CfnPatchBaselineProps:
         approved_patches: typing.Optional[typing.Sequence[builtins.str]] = None,
         approved_patches_compliance_level: typing.Optional[builtins.str] = None,
         approved_patches_enable_non_security: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        default_baseline: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         description: typing.Optional[builtins.str] = None,
         global_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnPatchBaseline.PatchFilterGroupProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         operating_system: typing.Optional[builtins.str] = None,
@@ -5939,14 +5966,15 @@ class CfnPatchBaselineProps:
         :param name: The name of the patch baseline.
         :param approval_rules: A set of rules used to include patches in the baseline.
         :param approved_patches: A list of explicitly approved patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `About package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
-        :param approved_patches_compliance_level: Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is ``UNSPECIFIED`` .
-        :param approved_patches_enable_non_security: Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is ``false`` . Applies to Linux managed nodes only.
+        :param approved_patches_compliance_level: Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is ``UNSPECIFIED`` . Default: - "UNSPECIFIED"
+        :param approved_patches_enable_non_security: Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is ``false`` . Applies to Linux managed nodes only. Default: - false
+        :param default_baseline: Set the baseline as default baseline. Only registering to default patch baseline is allowed. Default: - false
         :param description: A description of the patch baseline.
         :param global_filters: A set of global filters used to include patches in the baseline.
-        :param operating_system: Defines the operating system the patch baseline applies to. The default value is ``WINDOWS`` .
+        :param operating_system: Defines the operating system the patch baseline applies to. The default value is ``WINDOWS`` . Default: - "WINDOWS"
         :param patch_groups: The name of the patch group to be registered with the patch baseline.
         :param rejected_patches: A list of explicitly rejected patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `About package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
-        :param rejected_patches_action: The action for Patch Manager to take on patches included in the ``RejectedPackages`` list. - *``ALLOW_AS_DEPENDENCY``* : A package in the ``Rejected`` patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as ``InstalledOther`` . This is the default action if no option is specified. - *``BLOCK``* : Packages in the ``RejectedPatches`` list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as ``InstalledRejected`` .
+        :param rejected_patches_action: The action for Patch Manager to take on patches included in the ``RejectedPackages`` list. - *``ALLOW_AS_DEPENDENCY``* : A package in the ``Rejected`` patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as ``InstalledOther`` . This is the default action if no option is specified. - *``BLOCK``* : Packages in the ``RejectedPatches`` list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as ``InstalledRejected`` . Default: - "ALLOW_AS_DEPENDENCY"
         :param sources: Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.
         :param tags: Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to.
 
@@ -5980,6 +6008,7 @@ class CfnPatchBaselineProps:
                 approved_patches=["approvedPatches"],
                 approved_patches_compliance_level="approvedPatchesComplianceLevel",
                 approved_patches_enable_non_security=False,
+                default_baseline=False,
                 description="description",
                 global_filters=ssm.CfnPatchBaseline.PatchFilterGroupProperty(
                     patch_filters=[ssm.CfnPatchBaseline.PatchFilterProperty(
@@ -6009,6 +6038,7 @@ class CfnPatchBaselineProps:
             check_type(argname="argument approved_patches", value=approved_patches, expected_type=type_hints["approved_patches"])
             check_type(argname="argument approved_patches_compliance_level", value=approved_patches_compliance_level, expected_type=type_hints["approved_patches_compliance_level"])
             check_type(argname="argument approved_patches_enable_non_security", value=approved_patches_enable_non_security, expected_type=type_hints["approved_patches_enable_non_security"])
+            check_type(argname="argument default_baseline", value=default_baseline, expected_type=type_hints["default_baseline"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
             check_type(argname="argument global_filters", value=global_filters, expected_type=type_hints["global_filters"])
             check_type(argname="argument operating_system", value=operating_system, expected_type=type_hints["operating_system"])
@@ -6028,6 +6058,8 @@ class CfnPatchBaselineProps:
             self._values["approved_patches_compliance_level"] = approved_patches_compliance_level
         if approved_patches_enable_non_security is not None:
             self._values["approved_patches_enable_non_security"] = approved_patches_enable_non_security
+        if default_baseline is not None:
+            self._values["default_baseline"] = default_baseline
         if description is not None:
             self._values["description"] = description
         if global_filters is not None:
@@ -6083,6 +6115,8 @@ class CfnPatchBaselineProps:
 
         When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is ``UNSPECIFIED`` .
 
+        :default: - "UNSPECIFIED"
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-approvedpatchescompliancelevel
         '''
         result = self._values.get("approved_patches_compliance_level")
@@ -6096,11 +6130,28 @@ class CfnPatchBaselineProps:
 
         The default value is ``false`` . Applies to Linux managed nodes only.
 
+        :default: - false
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-approvedpatchesenablenonsecurity
         '''
         result = self._values.get("approved_patches_enable_non_security")
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
 
+    @builtins.property
+    def default_baseline(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''Set the baseline as default baseline.
+
+        Only registering to default patch baseline is allowed.
+
+        :default: - false
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-defaultbaseline
+        '''
+        result = self._values.get("default_baseline")
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+
     @builtins.property
     def description(self) -> typing.Optional[builtins.str]:
         '''A description of the patch baseline.
@@ -6127,6 +6178,8 @@ class CfnPatchBaselineProps:
 
         The default value is ``WINDOWS`` .
 
+        :default: - "WINDOWS"
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-operatingsystem
         '''
         result = self._values.get("operating_system")
@@ -6159,6 +6212,8 @@ class CfnPatchBaselineProps:
         - *``ALLOW_AS_DEPENDENCY``* : A package in the ``Rejected`` patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as ``InstalledOther`` . This is the default action if no option is specified.
         - *``BLOCK``* : Packages in the ``RejectedPatches`` list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as ``InstalledRejected`` .
 
+        :default: - "ALLOW_AS_DEPENDENCY"
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-rejectedpatchesaction
         '''
         result = self._values.get("rejected_patches_action")
@@ -9915,6 +9970,7 @@ def _typecheckingstub__5b87565e6649bbe5a503013adf6ae874b3dc918c05cd6b120b99a77e8
     approved_patches: typing.Optional[typing.Sequence[builtins.str]] = None,
     approved_patches_compliance_level: typing.Optional[builtins.str] = None,
     approved_patches_enable_non_security: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    default_baseline: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     description: typing.Optional[builtins.str] = None,
     global_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnPatchBaseline.PatchFilterGroupProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     operating_system: typing.Optional[builtins.str] = None,
@@ -9969,6 +10025,12 @@ def _typecheckingstub__596ca4adbe9b66ae96ac84884c609e25720aab40b7f9d665e6ea16808
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__a82f38addd776fccd7d2225bc356d9a6e4dc42b938cbf56c083c34cd4994c239(
+    value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__4e0764881f21962614874d74c4570aaad8c8757ec8f88735329f4ff151db61a0(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -10066,6 +10128,7 @@ def _typecheckingstub__ff6666a30d275f2a85d64de631c940fb83198b8b5a376b87a3a684f4a
     approved_patches: typing.Optional[typing.Sequence[builtins.str]] = None,
     approved_patches_compliance_level: typing.Optional[builtins.str] = None,
     approved_patches_enable_non_security: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    default_baseline: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     description: typing.Optional[builtins.str] = None,
     global_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnPatchBaseline.PatchFilterGroupProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     operating_system: typing.Optional[builtins.str] = None,

aws_cdk/aws_stepfunctions/__init__.py

@@ -589,6 +589,13 @@ custom = sfn.CustomState(self, "my custom task",
 error_handler = sfn.Pass(self, "handle failure")
 custom.add_catch(error_handler)
 
+# retry the task if something goes wrong
+custom.add_retry(
+    errors=[sfn.Errors.ALL],
+    interval=Duration.seconds(10),
+    max_attempts=5
+)
+
 chain = sfn.Chain.start(custom).next(final_status)
 
 sm = sfn.StateMachine(self, "StateMachine",
@@ -4477,6 +4484,13 @@ class CustomStateProps:
             error_handler = sfn.Pass(self, "handle failure")
             custom.add_catch(error_handler)
             
+            # retry the task if something goes wrong
+            custom.add_retry(
+                errors=[sfn.Errors.ALL],
+                interval=Duration.seconds(10),
+                max_attempts=5
+            )
+            
             chain = sfn.Chain.start(custom).next(final_status)
             
             sm = sfn.StateMachine(self, "StateMachine",
@@ -4792,15 +4806,65 @@ class DefinitionConfig:
 class Errors(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_stepfunctions.Errors"):
     '''Predefined error strings Error names in Amazon States Language - https://states-language.net/spec.html#appendix-a Error handling in Step Functions - https://docs.aws.amazon.com/step-functions/latest/dg/concepts-error-handling.html.
 
-    :exampleMetadata: fixture=_generated
+    :exampleMetadata: infused
 
     Example::
 
-        # The code below shows an example of how to instantiate this type.
-        # The values are placeholders you should change.
-        from aws_cdk import aws_stepfunctions as stepfunctions
+        import aws_cdk.aws_dynamodb as dynamodb
+        
+        
+        # create a table
+        table = dynamodb.Table(self, "montable",
+            partition_key=dynamodb.Attribute(
+                name="id",
+                type=dynamodb.AttributeType.STRING
+            )
+        )
+        
+        final_status = sfn.Pass(self, "final step")
         
-        errors = stepfunctions.Errors()
+        # States language JSON to put an item into DynamoDB
+        # snippet generated from https://docs.aws.amazon.com/step-functions/latest/dg/tutorial-code-snippet.html#tutorial-code-snippet-1
+        state_json = {
+            "Type": "Task",
+            "Resource": "arn:aws:states:::dynamodb:putItem",
+            "Parameters": {
+                "TableName": table.table_name,
+                "Item": {
+                    "id": {
+                        "S": "MyEntry"
+                    }
+                }
+            },
+            "ResultPath": null
+        }
+        
+        # custom state which represents a task to insert data into DynamoDB
+        custom = sfn.CustomState(self, "my custom task",
+            state_json=state_json
+        )
+        
+        # catch errors with addCatch
+        error_handler = sfn.Pass(self, "handle failure")
+        custom.add_catch(error_handler)
+        
+        # retry the task if something goes wrong
+        custom.add_retry(
+            errors=[sfn.Errors.ALL],
+            interval=Duration.seconds(10),
+            max_attempts=5
+        )
+        
+        chain = sfn.Chain.start(custom).next(final_status)
+        
+        sm = sfn.StateMachine(self, "StateMachine",
+            definition_body=sfn.DefinitionBody.from_chainable(chain),
+            timeout=Duration.seconds(30),
+            comment="a super cool state machine"
+        )
+        
+        # don't forget permissions. You need to assign them
+        table.grant_write_data(sm)
     '''
 
     def __init__(self) -> None:
@@ -12641,6 +12705,13 @@ class CustomState(
         error_handler = sfn.Pass(self, "handle failure")
         custom.add_catch(error_handler)
         
+        # retry the task if something goes wrong
+        custom.add_retry(
+            errors=[sfn.Errors.ALL],
+            interval=Duration.seconds(10),
+            max_attempts=5
+        )
+        
         chain = sfn.Chain.start(custom).next(final_status)
         
         sm = sfn.StateMachine(self, "StateMachine",
@@ -12697,6 +12768,40 @@ class CustomState(
 
         return typing.cast("CustomState", jsii.invoke(self, "addCatch", [handler, props]))
 
+    @jsii.member(jsii_name="addRetry")
+    def add_retry(
+        self,
+        *,
+        backoff_rate: typing.Optional[jsii.Number] = None,
+        errors: typing.Optional[typing.Sequence[builtins.str]] = None,
+        interval: typing.Optional[_Duration_4839e8c3] = None,
+        jitter_strategy: typing.Optional[JitterType] = None,
+        max_attempts: typing.Optional[jsii.Number] = None,
+        max_delay: typing.Optional[_Duration_4839e8c3] = None,
+    ) -> "CustomState":
+        '''Add retry configuration for this state.
+
+        This controls if and how the execution will be retried if a particular
+        error occurs.
+
+        :param backoff_rate: Multiplication for how much longer the wait interval gets on every retry. Default: 2
+        :param errors: Errors to retry. A list of error strings to retry, which can be either predefined errors (for example Errors.NoChoiceMatched) or a self-defined error. Default: All errors
+        :param interval: How many seconds to wait initially before retrying. Default: Duration.seconds(1)
+        :param jitter_strategy: Introduces a randomization over the retry interval. Default: - No jitter strategy
+        :param max_attempts: How many times to retry this particular error. May be 0 to disable retry for specific errors (in case you have a catch-all retry policy). Default: 3
+        :param max_delay: Maximum limit on retry interval growth during exponential backoff. Default: - No max delay
+        '''
+        props = RetryProps(
+            backoff_rate=backoff_rate,
+            errors=errors,
+            interval=interval,
+            jitter_strategy=jitter_strategy,
+            max_attempts=max_attempts,
+            max_delay=max_delay,
+        )
+
+        return typing.cast("CustomState", jsii.invoke(self, "addRetry", [props]))
+
     @jsii.member(jsii_name="next")
     def next(self, next: IChainable) -> Chain:
         '''Continue normal execution with the given state.