aws-cdk-lib 2.125.0__py3-none-any.whl → 2.127.0__py3-none-any.whl

aws_cdk/aws_rolesanywhere/__init__.py

@@ -365,7 +365,11 @@ class CfnProfile(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_rolesanywhere.CfnProfile",
 ):
-    '''Creates a Profile.
+    '''Creates a *profile* , a list of the roles that Roles Anywhere service is trusted to assume.
+
+    You use profiles to intersect permissions with IAM managed policies.
+
+    *Required permissions:* ``rolesanywhere:CreateProfile`` .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html
     :cloudformationResource: AWS::RolesAnywhere::Profile
@@ -411,14 +415,14 @@ class CfnProfile(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param name: The customer specified name of the resource.
-        :param role_arns: A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.
-        :param duration_seconds: The number of seconds vended session credentials will be valid for.
-        :param enabled: The enabled status of the resource.
-        :param managed_policy_arns: A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.
-        :param require_instance_properties: Specifies whether instance properties are required in CreateSession requests with this profile.
-        :param session_policy: A session policy that will applied to the trust boundary of the vended session credentials.
-        :param tags: A list of Tags.
+        :param name: The name of the profile.
+        :param role_arns: A list of IAM role ARNs. During ``CreateSession`` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.
+        :param duration_seconds: Sets the maximum number of seconds that vended temporary credentials through `CreateSession <https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html>`_ will be valid for, between 900 and 3600.
+        :param enabled: Indicates whether the profile is enabled.
+        :param managed_policy_arns: A list of managed policy ARNs that apply to the vended session credentials.
+        :param require_instance_properties: Specifies whether instance properties are required in temporary credential requests with this profile.
+        :param session_policy: A session policy that applies to the trust boundary of the vended session credentials.
+        :param tags: The tags to attach to the profile.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__15739ec913066dea67815f6297a7c4e3ed351b4df22323a7b46fa138af1a7af8)
@@ -499,7 +503,7 @@ class CfnProfile(
     @builtins.property
     @jsii.member(jsii_name="name")
     def name(self) -> builtins.str:
-        '''The customer specified name of the resource.'''
+        '''The name of the profile.'''
         return typing.cast(builtins.str, jsii.get(self, "name"))
 
     @name.setter
@@ -512,7 +516,7 @@ class CfnProfile(
     @builtins.property
     @jsii.member(jsii_name="roleArns")
     def role_arns(self) -> typing.List[builtins.str]:
-        '''A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.'''
+        '''A list of IAM role ARNs.'''
         return typing.cast(typing.List[builtins.str], jsii.get(self, "roleArns"))
 
     @role_arns.setter
@@ -525,7 +529,7 @@ class CfnProfile(
     @builtins.property
     @jsii.member(jsii_name="durationSeconds")
     def duration_seconds(self) -> typing.Optional[jsii.Number]:
-        '''The number of seconds vended session credentials will be valid for.'''
+        '''Sets the maximum number of seconds that vended temporary credentials through `CreateSession <https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html>`_ will be valid for, between 900 and 3600.'''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "durationSeconds"))
 
     @duration_seconds.setter
@@ -540,7 +544,7 @@ class CfnProfile(
     def enabled(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''The enabled status of the resource.'''
+        '''Indicates whether the profile is enabled.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "enabled"))
 
     @enabled.setter
@@ -556,7 +560,7 @@ class CfnProfile(
     @builtins.property
     @jsii.member(jsii_name="managedPolicyArns")
     def managed_policy_arns(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''A list of managed policy ARNs.'''
+        '''A list of managed policy ARNs that apply to the vended session credentials.'''
         return typing.cast(typing.Optional[typing.List[builtins.str]], jsii.get(self, "managedPolicyArns"))
 
     @managed_policy_arns.setter
@@ -574,7 +578,7 @@ class CfnProfile(
     def require_instance_properties(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Specifies whether instance properties are required in CreateSession requests with this profile.'''
+        '''Specifies whether instance properties are required in temporary credential requests with this profile.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "requireInstanceProperties"))
 
     @require_instance_properties.setter
@@ -590,7 +594,7 @@ class CfnProfile(
     @builtins.property
     @jsii.member(jsii_name="sessionPolicy")
     def session_policy(self) -> typing.Optional[builtins.str]:
-        '''A session policy that will applied to the trust boundary of the vended session credentials.'''
+        '''A session policy that applies to the trust boundary of the vended session credentials.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "sessionPolicy"))
 
     @session_policy.setter
@@ -603,7 +607,7 @@ class CfnProfile(
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''A list of Tags.'''
+        '''The tags to attach to the profile.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tagsRaw"))
 
     @tags_raw.setter
@@ -643,14 +647,14 @@ class CfnProfileProps:
     ) -> None:
         '''Properties for defining a ``CfnProfile``.
 
-        :param name: The customer specified name of the resource.
-        :param role_arns: A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.
-        :param duration_seconds: The number of seconds vended session credentials will be valid for.
-        :param enabled: The enabled status of the resource.
-        :param managed_policy_arns: A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.
-        :param require_instance_properties: Specifies whether instance properties are required in CreateSession requests with this profile.
-        :param session_policy: A session policy that will applied to the trust boundary of the vended session credentials.
-        :param tags: A list of Tags.
+        :param name: The name of the profile.
+        :param role_arns: A list of IAM role ARNs. During ``CreateSession`` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.
+        :param duration_seconds: Sets the maximum number of seconds that vended temporary credentials through `CreateSession <https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html>`_ will be valid for, between 900 and 3600.
+        :param enabled: Indicates whether the profile is enabled.
+        :param managed_policy_arns: A list of managed policy ARNs that apply to the vended session credentials.
+        :param require_instance_properties: Specifies whether instance properties are required in temporary credential requests with this profile.
+        :param session_policy: A session policy that applies to the trust boundary of the vended session credentials.
+        :param tags: The tags to attach to the profile.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html
         :exampleMetadata: fixture=_generated
@@ -706,7 +710,7 @@ class CfnProfileProps:
 
     @builtins.property
     def name(self) -> builtins.str:
-        '''The customer specified name of the resource.
+        '''The name of the profile.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-name
         '''
@@ -716,7 +720,9 @@ class CfnProfileProps:
 
     @builtins.property
     def role_arns(self) -> typing.List[builtins.str]:
-        '''A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.
+        '''A list of IAM role ARNs.
+
+        During ``CreateSession`` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-rolearns
         '''
@@ -726,7 +732,7 @@ class CfnProfileProps:
 
     @builtins.property
     def duration_seconds(self) -> typing.Optional[jsii.Number]:
-        '''The number of seconds vended session credentials will be valid for.
+        '''Sets the maximum number of seconds that vended temporary credentials through `CreateSession <https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html>`_ will be valid for, between 900 and 3600.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-durationseconds
         '''
@@ -737,7 +743,7 @@ class CfnProfileProps:
     def enabled(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''The enabled status of the resource.
+        '''Indicates whether the profile is enabled.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-enabled
         '''
@@ -746,9 +752,7 @@ class CfnProfileProps:
 
     @builtins.property
     def managed_policy_arns(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''A list of managed policy ARNs.
-
-        Managed policies identified by this list will be applied to the vended session credentials.
+        '''A list of managed policy ARNs that apply to the vended session credentials.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-managedpolicyarns
         '''
@@ -759,7 +763,7 @@ class CfnProfileProps:
     def require_instance_properties(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Specifies whether instance properties are required in CreateSession requests with this profile.
+        '''Specifies whether instance properties are required in temporary credential requests with this profile.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-requireinstanceproperties
         '''
@@ -768,7 +772,7 @@ class CfnProfileProps:
 
     @builtins.property
     def session_policy(self) -> typing.Optional[builtins.str]:
-        '''A session policy that will applied to the trust boundary of the vended session credentials.
+        '''A session policy that applies to the trust boundary of the vended session credentials.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-sessionpolicy
         '''
@@ -777,7 +781,7 @@ class CfnProfileProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''A list of Tags.
+        '''The tags to attach to the profile.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-tags
         '''
@@ -802,7 +806,11 @@ class CfnTrustAnchor(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_rolesanywhere.CfnTrustAnchor",
 ):
-    '''Creates a TrustAnchor.
+    '''Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA).
+
+    You can define a trust anchor as a reference to an AWS Private Certificate Authority ( AWS Private CA ) or by uploading a CA certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary AWS credentials.
+
+    *Required permissions:* ``rolesanywhere:CreateTrustAnchor`` .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-trustanchor.html
     :cloudformationResource: AWS::RolesAnywhere::TrustAnchor
@@ -1146,7 +1154,7 @@ class CfnTrustAnchor(
             acm_pca_arn: typing.Optional[builtins.str] = None,
             x509_certificate_data: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''A union object representing the data field of the TrustAnchor depending on its type.
+            '''The data field of the trust anchor depending on its type.
 
             :param acm_pca_arn: The root certificate of the AWS Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. Included for trust anchors of type ``AWS_ACM_PCA`` . .. epigraph:: This field is not supported in your region.
             :param x509_certificate_data: The PEM-encoded data for the certificate anchor. Included for trust anchors of type ``CERTIFICATE_BUNDLE`` .
@@ -1223,10 +1231,10 @@ class CfnTrustAnchor(
             source_data: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTrustAnchor.SourceDataProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             source_type: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''Object representing the TrustAnchor type and its related certificate data.
+            '''The trust anchor type and its related certificate data.
 
-            :param source_data: A union object representing the data field of the TrustAnchor depending on its type.
-            :param source_type: The type of the TrustAnchor.
+            :param source_data: The data field of the trust anchor depending on its type.
+            :param source_type: The type of the TrustAnchor. .. epigraph:: ``AWS_ACM_PCA`` is not an allowed value in your region.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-source.html
             :exampleMetadata: fixture=_generated
@@ -1259,7 +1267,7 @@ class CfnTrustAnchor(
         def source_data(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnTrustAnchor.SourceDataProperty"]]:
-            '''A union object representing the data field of the TrustAnchor depending on its type.
+            '''The data field of the trust anchor depending on its type.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-source.html#cfn-rolesanywhere-trustanchor-source-sourcedata
             '''
@@ -1270,6 +1278,10 @@ class CfnTrustAnchor(
         def source_type(self) -> typing.Optional[builtins.str]:
             '''The type of the TrustAnchor.
 
+            .. epigraph::
+
+               ``AWS_ACM_PCA`` is not an allowed value in your region.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-source.html#cfn-rolesanywhere-trustanchor-source-sourcetype
             '''
             result = self._values.get("source_type")