aws-cdk-lib 2.118.0__py3-none-any.whl → 2.119.0__py3-none-any.whl

aws_cdk/aws_glue/__init__.py

@@ -3209,6 +3209,275 @@ class CfnCrawlerProps:
         )
 
 
+@jsii.implements(_IInspectable_c2943556)
+class CfnCustomEntityType(
+    _CfnResource_9df397a6,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_glue.CfnCustomEntityType",
+):
+    '''Creates a custom pattern that is used to detect sensitive data across the columns and rows of your structured data.
+
+    Each custom pattern you create specifies a regular expression and an optional list of context words. If no context words are passed only a regular expression is checked.
+
+    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-customentitytype.html
+    :cloudformationResource: AWS::Glue::CustomEntityType
+    :exampleMetadata: fixture=_generated
+
+    Example::
+
+        # The code below shows an example of how to instantiate this type.
+        # The values are placeholders you should change.
+        from aws_cdk import aws_glue as glue
+        
+        # tags: Any
+        
+        cfn_custom_entity_type = glue.CfnCustomEntityType(self, "MyCfnCustomEntityType",
+            context_words=["contextWords"],
+            name="name",
+            regex_string="regexString",
+            tags=tags
+        )
+    '''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        context_words: typing.Optional[typing.Sequence[builtins.str]] = None,
+        name: typing.Optional[builtins.str] = None,
+        regex_string: typing.Optional[builtins.str] = None,
+        tags: typing.Any = None,
+    ) -> None:
+        '''
+        :param scope: Scope in which this resource is defined.
+        :param id: Construct identifier for this resource (unique in its scope).
+        :param context_words: A list of context words. If none of these context words are found within the vicinity of the regular expression the data will not be detected as sensitive data. If no context words are passed only a regular expression is checked.
+        :param name: A name for the custom pattern that allows it to be retrieved or deleted later. This name must be unique per AWS account.
+        :param regex_string: A regular expression string that is used for detecting sensitive data in a custom pattern.
+        :param tags: 
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__513b5382e12edfa036d553799dc23a98aa5ab82a6014b0bf9734336e4df0b878)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = CfnCustomEntityTypeProps(
+            context_words=context_words,
+            name=name,
+            regex_string=regex_string,
+            tags=tags,
+        )
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+    @jsii.member(jsii_name="inspect")
+    def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
+        '''Examines the CloudFormation resource and discloses attributes.
+
+        :param inspector: tree inspector to collect and process attributes.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__f1161ed4cb74764a76ad0a2a8d9218348384b8c59f0f79872699c83d6a9671c3)
+            check_type(argname="argument inspector", value=inspector, expected_type=type_hints["inspector"])
+        return typing.cast(None, jsii.invoke(self, "inspect", [inspector]))
+
+    @jsii.member(jsii_name="renderProperties")
+    def _render_properties(
+        self,
+        props: typing.Mapping[builtins.str, typing.Any],
+    ) -> typing.Mapping[builtins.str, typing.Any]:
+        '''
+        :param props: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__5a44dbad5acfb5d1ab1a4900296aa7aa8dd3f89c6979168443c7cc1d42463a11)
+            check_type(argname="argument props", value=props, expected_type=type_hints["props"])
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderProperties", [props]))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="CFN_RESOURCE_TYPE_NAME")
+    def CFN_RESOURCE_TYPE_NAME(cls) -> builtins.str:
+        '''The CloudFormation resource type name for this resource class.'''
+        return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrId")
+    def attr_id(self) -> builtins.str:
+        '''
+        :cloudformationAttribute: Id
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrId"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cfnProperties")
+    def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
+
+    @builtins.property
+    @jsii.member(jsii_name="contextWords")
+    def context_words(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''A list of context words.'''
+        return typing.cast(typing.Optional[typing.List[builtins.str]], jsii.get(self, "contextWords"))
+
+    @context_words.setter
+    def context_words(self, value: typing.Optional[typing.List[builtins.str]]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__d9a1b7db0046368ee993569d7df3e7fd0804b6e98a87f04e557ae064873f7978)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "contextWords", value)
+
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> typing.Optional[builtins.str]:
+        '''A name for the custom pattern that allows it to be retrieved or deleted later.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "name"))
+
+    @name.setter
+    def name(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__d11901df483ca1c3600c4415a97269b90d2adfe324a4327071f30bddc8fc6369)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "name", value)
+
+    @builtins.property
+    @jsii.member(jsii_name="regexString")
+    def regex_string(self) -> typing.Optional[builtins.str]:
+        '''A regular expression string that is used for detecting sensitive data in a custom pattern.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "regexString"))
+
+    @regex_string.setter
+    def regex_string(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__258029d677ed510f6e111f28b88a3fd5ca710364677c254b86f15149c3939f01)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "regexString", value)
+
+    @builtins.property
+    @jsii.member(jsii_name="tags")
+    def tags(self) -> typing.Any:
+        return typing.cast(typing.Any, jsii.get(self, "tags"))
+
+    @tags.setter
+    def tags(self, value: typing.Any) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__004ded3c6afee7c54be15b960f2dfa901eda8ff5ffd11f03dc0ad21cd665d3e9)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "tags", value)
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_glue.CfnCustomEntityTypeProps",
+    jsii_struct_bases=[],
+    name_mapping={
+        "context_words": "contextWords",
+        "name": "name",
+        "regex_string": "regexString",
+        "tags": "tags",
+    },
+)
+class CfnCustomEntityTypeProps:
+    def __init__(
+        self,
+        *,
+        context_words: typing.Optional[typing.Sequence[builtins.str]] = None,
+        name: typing.Optional[builtins.str] = None,
+        regex_string: typing.Optional[builtins.str] = None,
+        tags: typing.Any = None,
+    ) -> None:
+        '''Properties for defining a ``CfnCustomEntityType``.
+
+        :param context_words: A list of context words. If none of these context words are found within the vicinity of the regular expression the data will not be detected as sensitive data. If no context words are passed only a regular expression is checked.
+        :param name: A name for the custom pattern that allows it to be retrieved or deleted later. This name must be unique per AWS account.
+        :param regex_string: A regular expression string that is used for detecting sensitive data in a custom pattern.
+        :param tags: 
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-customentitytype.html
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_glue as glue
+            
+            # tags: Any
+            
+            cfn_custom_entity_type_props = glue.CfnCustomEntityTypeProps(
+                context_words=["contextWords"],
+                name="name",
+                regex_string="regexString",
+                tags=tags
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__b89d4d1c0831361548b8a9b2f2dbfff2bf67857569a0c9b0cc33179f8c618967)
+            check_type(argname="argument context_words", value=context_words, expected_type=type_hints["context_words"])
+            check_type(argname="argument name", value=name, expected_type=type_hints["name"])
+            check_type(argname="argument regex_string", value=regex_string, expected_type=type_hints["regex_string"])
+            check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if context_words is not None:
+            self._values["context_words"] = context_words
+        if name is not None:
+            self._values["name"] = name
+        if regex_string is not None:
+            self._values["regex_string"] = regex_string
+        if tags is not None:
+            self._values["tags"] = tags
+
+    @builtins.property
+    def context_words(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''A list of context words.
+
+        If none of these context words are found within the vicinity of the regular expression the data will not be detected as sensitive data.
+
+        If no context words are passed only a regular expression is checked.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-customentitytype.html#cfn-glue-customentitytype-contextwords
+        '''
+        result = self._values.get("context_words")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+    @builtins.property
+    def name(self) -> typing.Optional[builtins.str]:
+        '''A name for the custom pattern that allows it to be retrieved or deleted later.
+
+        This name must be unique per AWS account.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-customentitytype.html#cfn-glue-customentitytype-name
+        '''
+        result = self._values.get("name")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def regex_string(self) -> typing.Optional[builtins.str]:
+        '''A regular expression string that is used for detecting sensitive data in a custom pattern.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-customentitytype.html#cfn-glue-customentitytype-regexstring
+        '''
+        result = self._values.get("regex_string")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def tags(self) -> typing.Any:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-customentitytype.html#cfn-glue-customentitytype-tags
+        '''
+        result = self._values.get("tags")
+        return typing.cast(typing.Any, result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "CfnCustomEntityTypeProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 @jsii.implements(_IInspectable_c2943556)
 class CfnDataCatalogEncryptionSettings(
     _CfnResource_9df397a6,
@@ -14312,6 +14581,8 @@ __all__ = [
     "CfnConnectionProps",
     "CfnCrawler",
     "CfnCrawlerProps",
+    "CfnCustomEntityType",
+    "CfnCustomEntityTypeProps",
     "CfnDataCatalogEncryptionSettings",
     "CfnDataCatalogEncryptionSettingsProps",
     "CfnDataQualityRuleset",
@@ -14741,6 +15012,64 @@ def _typecheckingstub__51125dcaf0f55fdaefa50d6b9c05a6e431008538b8ab24abc0fbe126f
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__513b5382e12edfa036d553799dc23a98aa5ab82a6014b0bf9734336e4df0b878(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    context_words: typing.Optional[typing.Sequence[builtins.str]] = None,
+    name: typing.Optional[builtins.str] = None,
+    regex_string: typing.Optional[builtins.str] = None,
+    tags: typing.Any = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__f1161ed4cb74764a76ad0a2a8d9218348384b8c59f0f79872699c83d6a9671c3(
+    inspector: _TreeInspector_488e0dd5,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__5a44dbad5acfb5d1ab1a4900296aa7aa8dd3f89c6979168443c7cc1d42463a11(
+    props: typing.Mapping[builtins.str, typing.Any],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__d9a1b7db0046368ee993569d7df3e7fd0804b6e98a87f04e557ae064873f7978(
+    value: typing.Optional[typing.List[builtins.str]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__d11901df483ca1c3600c4415a97269b90d2adfe324a4327071f30bddc8fc6369(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__258029d677ed510f6e111f28b88a3fd5ca710364677c254b86f15149c3939f01(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__004ded3c6afee7c54be15b960f2dfa901eda8ff5ffd11f03dc0ad21cd665d3e9(
+    value: typing.Any,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__b89d4d1c0831361548b8a9b2f2dbfff2bf67857569a0c9b0cc33179f8c618967(
+    *,
+    context_words: typing.Optional[typing.Sequence[builtins.str]] = None,
+    name: typing.Optional[builtins.str] = None,
+    regex_string: typing.Optional[builtins.str] = None,
+    tags: typing.Any = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__282fa6292001a27626ebcdd16c3756f6c1f39e2fce0bffe2aa07015e603b0c74(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,

aws_cdk/aws_iam/__init__.py

@@ -9869,27 +9869,34 @@ class PolicyStatement(
 ):
     '''Represents a statement in an IAM policy document.
 
-    :exampleMetadata: infused
+    :exampleMetadata: lit=aws-ec2/test/integ.vpc-endpoint.lit.ts infused
 
     Example::
 
-        cross_account_role_arn = "arn:aws:iam::OTHERACCOUNT:role/CrossAccountRoleName" # arn of role deployed in separate account
+        # Add gateway endpoints when creating the VPC
+        vpc = ec2.Vpc(self, "MyVpc",
+            gateway_endpoints={
+                "S3": cdk.aws_ec2.GatewayVpcEndpointOptions(
+                    service=ec2.GatewayVpcEndpointAwsService.S3
+                )
+            }
+        )
+        
+        # Alternatively gateway endpoints can be added on the VPC
+        dynamo_db_endpoint = vpc.add_gateway_endpoint("DynamoDbEndpoint",
+            service=ec2.GatewayVpcEndpointAwsService.DYNAMODB
+        )
         
-        call_region = "us-west-1" # sdk call to be made in specified region (optional)
+        # This allows to customize the endpoint policy
+        dynamo_db_endpoint.add_to_policy(
+            iam.PolicyStatement( # Restrict to listing and describing tables
+                principals=[iam.AnyPrincipal()],
+                actions=["dynamodb:DescribeTable", "dynamodb:ListTables"],
+                resources=["*"]))
         
-        cr.AwsCustomResource(self, "CrossAccount",
-            on_create=cr.AwsSdkCall(
-                assumed_role_arn=cross_account_role_arn,
-                region=call_region,  # optional
-                service="sts",
-                action="GetCallerIdentity",
-                physical_resource_id=cr.PhysicalResourceId.of("id")
-            ),
-            policy=cr.AwsCustomResourcePolicy.from_statements([iam.PolicyStatement.from_json({
-                "Effect": "Allow",
-                "Action": "sts:AssumeRole",
-                "Resource": cross_account_role_arn
-            })])
+        # Add an interface endpoint
+        vpc.add_interface_endpoint("EcrDockerEndpoint",
+            service=ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER
         )
     '''
 
@@ -12843,17 +12850,16 @@ class Role(
 
     Example::
 
-        lambda_role = iam.Role(self, "Role",
-            assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"),
-            description="Example role..."
+        # definition: sfn.IChainable
+        role = iam.Role(self, "Role",
+            assumed_by=iam.ServicePrincipal("lambda.amazonaws.com")
         )
-        
-        stream = kinesis.Stream(self, "MyEncryptedStream",
-            encryption=kinesis.StreamEncryption.KMS
+        state_machine = sfn.StateMachine(self, "StateMachine",
+            definition_body=sfn.DefinitionBody.from_chainable(definition)
         )
         
-        # give lambda permissions to read stream
-        stream.grant_read(lambda_role)
+        # Give role permission to get execution history of ALL executions for the state machine
+        state_machine.grant_execution(role, "states:GetExecutionHistory")
     '''
 
     def __init__(

aws_cdk/aws_iot/__init__.py

@@ -3545,6 +3545,9 @@ class CfnDomainConfiguration(
             domain_configuration_status="domainConfigurationStatus",
             domain_name="domainName",
             server_certificate_arns=["serverCertificateArns"],
+            server_certificate_config=iot.CfnDomainConfiguration.ServerCertificateConfigProperty(
+                enable_ocsp_check=False
+            ),
             service_type="serviceType",
             tags=[CfnTag(
                 key="key",
@@ -3567,6 +3570,7 @@ class CfnDomainConfiguration(
         domain_configuration_status: typing.Optional[builtins.str] = None,
         domain_name: typing.Optional[builtins.str] = None,
         server_certificate_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
+        server_certificate_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDomainConfiguration.ServerCertificateConfigProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         service_type: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
         tls_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDomainConfiguration.TlsConfigProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -3580,6 +3584,7 @@ class CfnDomainConfiguration(
         :param domain_configuration_status: The status to which the domain configuration should be updated. Valid values: ``ENABLED`` | ``DISABLED``
         :param domain_name: The name of the domain.
         :param server_certificate_arns: The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS -managed domains.
+        :param server_certificate_config: 
         :param service_type: The type of service delivered by the endpoint. .. epigraph:: AWS IoT Core currently supports only the ``DATA`` service type.
         :param tags: Metadata which can be used to manage the domain configuration. .. epigraph:: For URI Request parameters use format: ...key1=value1&key2=value2... For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..." For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
         :param tls_config: An object that specifies the TLS configuration for a domain.
@@ -3595,6 +3600,7 @@ class CfnDomainConfiguration(
             domain_configuration_status=domain_configuration_status,
             domain_name=domain_name,
             server_certificate_arns=server_certificate_arns,
+            server_certificate_config=server_certificate_config,
             service_type=service_type,
             tags=tags,
             tls_config=tls_config,
@@ -3746,6 +3752,23 @@ class CfnDomainConfiguration(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "serverCertificateArns", value)
 
+    @builtins.property
+    @jsii.member(jsii_name="serverCertificateConfig")
+    def server_certificate_config(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDomainConfiguration.ServerCertificateConfigProperty"]]:
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDomainConfiguration.ServerCertificateConfigProperty"]], jsii.get(self, "serverCertificateConfig"))
+
+    @server_certificate_config.setter
+    def server_certificate_config(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDomainConfiguration.ServerCertificateConfigProperty"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__e961d38604909272268f83e6241e14f8644edf3b972e95582c0126a54e77a342)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "serverCertificateConfig", value)
+
     @builtins.property
     @jsii.member(jsii_name="serviceType")
     def service_type(self) -> typing.Optional[builtins.str]:
@@ -3878,6 +3901,61 @@ class CfnDomainConfiguration(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_iot.CfnDomainConfiguration.ServerCertificateConfigProperty",
+        jsii_struct_bases=[],
+        name_mapping={"enable_ocsp_check": "enableOcspCheck"},
+    )
+    class ServerCertificateConfigProperty:
+        def __init__(
+            self,
+            *,
+            enable_ocsp_check: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        ) -> None:
+            '''
+            :param enable_ocsp_check: 
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-domainconfiguration-servercertificateconfig.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_iot as iot
+                
+                server_certificate_config_property = iot.CfnDomainConfiguration.ServerCertificateConfigProperty(
+                    enable_ocsp_check=False
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__c9e3f7a32bb1f35b034ddd61e39c252e74632db889671f02c46280c93d0573a2)
+                check_type(argname="argument enable_ocsp_check", value=enable_ocsp_check, expected_type=type_hints["enable_ocsp_check"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if enable_ocsp_check is not None:
+                self._values["enable_ocsp_check"] = enable_ocsp_check
+
+        @builtins.property
+        def enable_ocsp_check(
+            self,
+        ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-domainconfiguration-servercertificateconfig.html#cfn-iot-domainconfiguration-servercertificateconfig-enableocspcheck
+            '''
+            result = self._values.get("enable_ocsp_check")
+            return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "ServerCertificateConfigProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_iot.CfnDomainConfiguration.ServerCertificateSummaryProperty",
         jsii_struct_bases=[],
@@ -4034,6 +4112,7 @@ class CfnDomainConfiguration(
         "domain_configuration_status": "domainConfigurationStatus",
         "domain_name": "domainName",
         "server_certificate_arns": "serverCertificateArns",
+        "server_certificate_config": "serverCertificateConfig",
         "service_type": "serviceType",
         "tags": "tags",
         "tls_config": "tlsConfig",
@@ -4049,6 +4128,7 @@ class CfnDomainConfigurationProps:
         domain_configuration_status: typing.Optional[builtins.str] = None,
         domain_name: typing.Optional[builtins.str] = None,
         server_certificate_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
+        server_certificate_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomainConfiguration.ServerCertificateConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         service_type: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
         tls_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomainConfiguration.TlsConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -4061,6 +4141,7 @@ class CfnDomainConfigurationProps:
         :param domain_configuration_status: The status to which the domain configuration should be updated. Valid values: ``ENABLED`` | ``DISABLED``
         :param domain_name: The name of the domain.
         :param server_certificate_arns: The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS -managed domains.
+        :param server_certificate_config: 
         :param service_type: The type of service delivered by the endpoint. .. epigraph:: AWS IoT Core currently supports only the ``DATA`` service type.
         :param tags: Metadata which can be used to manage the domain configuration. .. epigraph:: For URI Request parameters use format: ...key1=value1&key2=value2... For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..." For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
         :param tls_config: An object that specifies the TLS configuration for a domain.
@@ -4084,6 +4165,9 @@ class CfnDomainConfigurationProps:
                 domain_configuration_status="domainConfigurationStatus",
                 domain_name="domainName",
                 server_certificate_arns=["serverCertificateArns"],
+                server_certificate_config=iot.CfnDomainConfiguration.ServerCertificateConfigProperty(
+                    enable_ocsp_check=False
+                ),
                 service_type="serviceType",
                 tags=[CfnTag(
                     key="key",
@@ -4102,6 +4186,7 @@ class CfnDomainConfigurationProps:
             check_type(argname="argument domain_configuration_status", value=domain_configuration_status, expected_type=type_hints["domain_configuration_status"])
             check_type(argname="argument domain_name", value=domain_name, expected_type=type_hints["domain_name"])
             check_type(argname="argument server_certificate_arns", value=server_certificate_arns, expected_type=type_hints["server_certificate_arns"])
+            check_type(argname="argument server_certificate_config", value=server_certificate_config, expected_type=type_hints["server_certificate_config"])
             check_type(argname="argument service_type", value=service_type, expected_type=type_hints["service_type"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
             check_type(argname="argument tls_config", value=tls_config, expected_type=type_hints["tls_config"])
@@ -4117,6 +4202,8 @@ class CfnDomainConfigurationProps:
             self._values["domain_name"] = domain_name
         if server_certificate_arns is not None:
             self._values["server_certificate_arns"] = server_certificate_arns
+        if server_certificate_config is not None:
+            self._values["server_certificate_config"] = server_certificate_config
         if service_type is not None:
             self._values["service_type"] = service_type
         if tags is not None:
@@ -4179,6 +4266,16 @@ class CfnDomainConfigurationProps:
         result = self._values.get("server_certificate_arns")
         return typing.cast(typing.Optional[typing.List[builtins.str]], result)
 
+    @builtins.property
+    def server_certificate_config(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnDomainConfiguration.ServerCertificateConfigProperty]]:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-domainconfiguration.html#cfn-iot-domainconfiguration-servercertificateconfig
+        '''
+        result = self._values.get("server_certificate_config")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnDomainConfiguration.ServerCertificateConfigProperty]], result)
+
     @builtins.property
     def service_type(self) -> typing.Optional[builtins.str]:
         '''The type of service delivered by the endpoint.
@@ -19851,6 +19948,7 @@ def _typecheckingstub__58bae527b5502ff5c7ab6b93d68302d8e2cbc6a5632a832f2c6bf436e
     domain_configuration_status: typing.Optional[builtins.str] = None,
     domain_name: typing.Optional[builtins.str] = None,
     server_certificate_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
+    server_certificate_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomainConfiguration.ServerCertificateConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     service_type: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     tls_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomainConfiguration.TlsConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -19901,6 +19999,12 @@ def _typecheckingstub__4ef4b6ed6999d8d891daa0bf8e467d208eea91e61d9cdcaced2d77c5c
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__e961d38604909272268f83e6241e14f8644edf3b972e95582c0126a54e77a342(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnDomainConfiguration.ServerCertificateConfigProperty]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__3f604d76719368707bcb524945346fee877b63e531c6c9f797711e29edad34ef(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -19933,6 +20037,13 @@ def _typecheckingstub__a0137c885f6ee06843b08b821c9785482f4c15e69984bf435ea564af6
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__c9e3f7a32bb1f35b034ddd61e39c252e74632db889671f02c46280c93d0573a2(
+    *,
+    enable_ocsp_check: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__a5a7581965c46613d884dede598616df654c4e0431faf31d853441c77e54a23c(
     *,
     server_certificate_arn: typing.Optional[builtins.str] = None,
@@ -19956,6 +20067,7 @@ def _typecheckingstub__af698e1a1ead0a2d7000837dd712796a150772065ad59ab9baf10a759
     domain_configuration_status: typing.Optional[builtins.str] = None,
     domain_name: typing.Optional[builtins.str] = None,
     server_certificate_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
+    server_certificate_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomainConfiguration.ServerCertificateConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     service_type: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     tls_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomainConfiguration.TlsConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,