aws-cdk-lib 2.127.0__py3-none-any.whl → 2.129.0__py3-none-any.whl

aws_cdk/aws_sns/__init__.py

@@ -213,6 +213,44 @@ topic_policy = sns.TopicPolicy(self, "Policy",
 )
 ```
 
+### Enforce encryption of data in transit when publishing to a topic
+
+You can enforce SSL when creating a topic policy by setting the `enforceSSL` flag:
+
+```python
+topic = sns.Topic(self, "Topic")
+policy_document = iam.PolicyDocument(
+    assign_sids=True,
+    statements=[
+        iam.PolicyStatement(
+            actions=["sns:Publish"],
+            principals=[iam.ServicePrincipal("s3.amazonaws.com")],
+            resources=[topic.topic_arn]
+        )
+    ]
+)
+
+topic_policy = sns.TopicPolicy(self, "Policy",
+    topics=[topic],
+    policy_document=policy_document,
+    enforce_sSL=True
+)
+```
+
+Similiarly you can enforce SSL by setting the `enforceSSL` flag on the topic:
+
+```python
+topic = sns.Topic(self, "TopicAddPolicy",
+    enforce_sSL=True
+)
+
+topic.add_to_resource_policy(iam.PolicyStatement(
+    principals=[iam.ServicePrincipal("s3.amazonaws.com")],
+    actions=["sns:Publish"],
+    resources=[topic.topic_arn]
+))
+```
+
 ## Delivery status logging
 
 Amazon SNS provides support to log the delivery status of notification messages sent to topics with the following Amazon SNS endpoints:
@@ -476,7 +514,7 @@ class CfnSubscription(
         :param redrive_policy: When specified, sends undeliverable messages to the specified Amazon SQS dead-letter queue. Messages that can't be delivered due to client errors (for example, when the subscribed endpoint is unreachable) or server errors (for example, when the service that powers the subscribed endpoint becomes unavailable) are held in the dead-letter queue for further analysis or reprocessing. For more information about the redrive policy and dead-letter queues, see `Amazon SQS dead-letter queues <https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html>`_ in the *Amazon SQS Developer Guide* .
         :param region: For cross-region subscriptions, the region in which the topic resides. If no region is specified, AWS CloudFormation uses the region of the caller as the default. If you perform an update operation that only updates the ``Region`` property of a ``AWS::SNS::Subscription`` resource, that operation will fail unless you are either: - Updating the ``Region`` from ``NULL`` to the caller region. - Updating the ``Region`` from the caller region to ``NULL`` .
         :param replay_policy: 
-        :param subscription_role_arn: This property applies only to Amazon Kinesis Data Firehose delivery stream subscriptions. Specify the ARN of the IAM role that has the following: - Permission to write to the Amazon Kinesis Data Firehose delivery stream - Amazon SNS listed as a trusted entity Specifying a valid ARN for this attribute is required for Kinesis Data Firehose delivery stream subscriptions. For more information, see `Fanout to Amazon Kinesis Data Firehose delivery streams <https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html>`_ in the *Amazon SNS Developer Guide.*
+        :param subscription_role_arn: This property applies only to Amazon Data Firehose delivery stream subscriptions. Specify the ARN of the IAM role that has the following: - Permission to write to the Amazon Data Firehose delivery stream - Amazon SNS listed as a trusted entity Specifying a valid ARN for this attribute is required for Firehose delivery stream subscriptions. For more information, see `Fanout to Amazon Data Firehose delivery streams <https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html>`_ in the *Amazon SNS Developer Guide.*
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__3f3839647e73879ccdb1519ec2afccf78b6168046279d32c5390b3e2543d1fec)
@@ -678,7 +716,7 @@ class CfnSubscription(
     @builtins.property
     @jsii.member(jsii_name="subscriptionRoleArn")
     def subscription_role_arn(self) -> typing.Optional[builtins.str]:
-        '''This property applies only to Amazon Kinesis Data Firehose delivery stream subscriptions.'''
+        '''This property applies only to Amazon Data Firehose delivery stream subscriptions.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "subscriptionRoleArn"))
 
     @subscription_role_arn.setter
@@ -734,7 +772,7 @@ class CfnSubscriptionProps:
         :param redrive_policy: When specified, sends undeliverable messages to the specified Amazon SQS dead-letter queue. Messages that can't be delivered due to client errors (for example, when the subscribed endpoint is unreachable) or server errors (for example, when the service that powers the subscribed endpoint becomes unavailable) are held in the dead-letter queue for further analysis or reprocessing. For more information about the redrive policy and dead-letter queues, see `Amazon SQS dead-letter queues <https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html>`_ in the *Amazon SQS Developer Guide* .
         :param region: For cross-region subscriptions, the region in which the topic resides. If no region is specified, AWS CloudFormation uses the region of the caller as the default. If you perform an update operation that only updates the ``Region`` property of a ``AWS::SNS::Subscription`` resource, that operation will fail unless you are either: - Updating the ``Region`` from ``NULL`` to the caller region. - Updating the ``Region`` from the caller region to ``NULL`` .
         :param replay_policy: 
-        :param subscription_role_arn: This property applies only to Amazon Kinesis Data Firehose delivery stream subscriptions. Specify the ARN of the IAM role that has the following: - Permission to write to the Amazon Kinesis Data Firehose delivery stream - Amazon SNS listed as a trusted entity Specifying a valid ARN for this attribute is required for Kinesis Data Firehose delivery stream subscriptions. For more information, see `Fanout to Amazon Kinesis Data Firehose delivery streams <https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html>`_ in the *Amazon SNS Developer Guide.*
+        :param subscription_role_arn: This property applies only to Amazon Data Firehose delivery stream subscriptions. Specify the ARN of the IAM role that has the following: - Permission to write to the Amazon Data Firehose delivery stream - Amazon SNS listed as a trusted entity Specifying a valid ARN for this attribute is required for Firehose delivery stream subscriptions. For more information, see `Fanout to Amazon Data Firehose delivery streams <https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html>`_ in the *Amazon SNS Developer Guide.*
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html
         :exampleMetadata: fixture=_generated
@@ -921,14 +959,14 @@ class CfnSubscriptionProps:
 
     @builtins.property
     def subscription_role_arn(self) -> typing.Optional[builtins.str]:
-        '''This property applies only to Amazon Kinesis Data Firehose delivery stream subscriptions.
+        '''This property applies only to Amazon Data Firehose delivery stream subscriptions.
 
         Specify the ARN of the IAM role that has the following:
 
-        - Permission to write to the Amazon Kinesis Data Firehose delivery stream
+        - Permission to write to the Amazon Data Firehose delivery stream
         - Amazon SNS listed as a trusted entity
 
-        Specifying a valid ARN for this attribute is required for Kinesis Data Firehose delivery stream subscriptions. For more information, see `Fanout to Amazon Kinesis Data Firehose delivery streams <https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html>`_ in the *Amazon SNS Developer Guide.*
+        Specifying a valid ARN for this attribute is required for Firehose delivery stream subscriptions. For more information, see `Fanout to Amazon Data Firehose delivery streams <https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html>`_ in the *Amazon SNS Developer Guide.*
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-subscriptionrolearn
         '''
@@ -2319,7 +2357,7 @@ class ITopic(
         '''Adds a statement to the IAM resource policy associated with this topic.
 
         If this topic was created in this stack (``new Topic``), a topic policy
-        will be automatically created upon the first call to ``addToPolicy``. If
+        will be automatically created upon the first call to ``addToResourcePolicy``. If
         the topic is imported (``Topic.import``), then this is a no-op.
 
         :param statement: -
@@ -2680,7 +2718,7 @@ class _ITopicProxy(
         '''Adds a statement to the IAM resource policy associated with this topic.
 
         If this topic was created in this stack (``new Topic``), a topic policy
-        will be automatically created upon the first call to ``addToPolicy``. If
+        will be automatically created upon the first call to ``addToResourcePolicy``. If
         the topic is imported (``Topic.import``), then this is a no-op.
 
         :param statement: -
@@ -4308,7 +4346,7 @@ class TopicBase(
         '''Adds a statement to the IAM resource policy associated with this topic.
 
         If this topic was created in this stack (``new Topic``), a topic policy
-        will be automatically created upon the first call to ``addToPolicy``. If
+        will be automatically created upon the first call to ``addToResourcePolicy``. If
         the topic is imported (``Topic.import``), then this is a no-op.
 
         :param statement: -
@@ -4332,6 +4370,14 @@ class TopicBase(
             check_type(argname="argument _scope", value=_scope, expected_type=type_hints["_scope"])
         return typing.cast(_NotificationRuleTargetConfig_ea27e095, jsii.invoke(self, "bindAsNotificationRuleTarget", [_scope]))
 
+    @jsii.member(jsii_name="createSSLPolicyDocument")
+    def _create_ssl_policy_document(self) -> _PolicyStatement_0fe33853:
+        '''Adds a statement to enforce encryption of data in transit when publishing to the topic.
+
+        For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit.
+        '''
+        return typing.cast(_PolicyStatement_0fe33853, jsii.invoke(self, "createSSLPolicyDocument", []))
+
     @jsii.member(jsii_name="grantPublish")
     def grant_publish(self, grantee: _IGrantable_71c4f5de) -> _Grant_a7ae64f8:
         '''Grant topic publishing permissions to the given identity.
@@ -4777,6 +4823,19 @@ class TopicBase(
         '''The name of the topic.'''
         ...
 
+    @builtins.property
+    @jsii.member(jsii_name="enforceSSL")
+    def _enforce_ssl(self) -> typing.Optional[builtins.bool]:
+        '''Adds a statement to enforce encryption of data in transit when publishing to the topic.'''
+        return typing.cast(typing.Optional[builtins.bool], jsii.get(self, "enforceSSL"))
+
+    @_enforce_ssl.setter
+    def _enforce_ssl(self, value: typing.Optional[builtins.bool]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__41d14f58fd3a68985cc9146f591de9ef04f0766e0e4ab580bec4fe74fde70eee)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "enforceSSL", value)
+
 
 class _TopicBaseProxy(
     TopicBase,
@@ -4845,15 +4904,21 @@ class TopicPolicy(
     Example::
 
         topic = sns.Topic(self, "Topic")
-        topic_policy = sns.TopicPolicy(self, "TopicPolicy",
-            topics=[topic]
+        policy_document = iam.PolicyDocument(
+            assign_sids=True,
+            statements=[
+                iam.PolicyStatement(
+                    actions=["sns:Subscribe"],
+                    principals=[iam.AnyPrincipal()],
+                    resources=[topic.topic_arn]
+                )
+            ]
         )
         
-        topic_policy.document.add_statements(iam.PolicyStatement(
-            actions=["sns:Subscribe"],
-            principals=[iam.AnyPrincipal()],
-            resources=[topic.topic_arn]
-        ))
+        topic_policy = sns.TopicPolicy(self, "Policy",
+            topics=[topic],
+            policy_document=policy_document
+        )
     '''
 
     def __init__(
@@ -4862,22 +4927,42 @@ class TopicPolicy(
         id: builtins.str,
         *,
         topics: typing.Sequence[ITopic],
+        enforce_ssl: typing.Optional[builtins.bool] = None,
         policy_document: typing.Optional[_PolicyDocument_3ac34393] = None,
     ) -> None:
         '''
         :param scope: -
         :param id: -
         :param topics: The set of topics this policy applies to.
+        :param enforce_ssl: Adds a statement to enforce encryption of data in transit when publishing to the topic. For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit. Default: false
         :param policy_document: IAM policy document to apply to topic(s). Default: empty policy document
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__12a056cfcdc8bff96e7fe29bb021bebfb1f092d261da925723087b52a2a52c91)
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
-        props = TopicPolicyProps(topics=topics, policy_document=policy_document)
+        props = TopicPolicyProps(
+            topics=topics, enforce_ssl=enforce_ssl, policy_document=policy_document
+        )
 
         jsii.create(self.__class__, self, [scope, id, props])
 
+    @jsii.member(jsii_name="createSSLPolicyDocument")
+    def _create_ssl_policy_document(
+        self,
+        topic_arn: builtins.str,
+    ) -> _PolicyStatement_0fe33853:
+        '''Adds a statement to enforce encryption of data in transit when publishing to the topic.
+
+        For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit.
+
+        :param topic_arn: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__68fd01009ddae128e0ad9f5816da32ac0ad127b82df6140a2431cf829c9a7488)
+            check_type(argname="argument topic_arn", value=topic_arn, expected_type=type_hints["topic_arn"])
+        return typing.cast(_PolicyStatement_0fe33853, jsii.invoke(self, "createSSLPolicyDocument", [topic_arn]))
+
     @builtins.property
     @jsii.member(jsii_name="document")
     def document(self) -> _PolicyDocument_3ac34393:
@@ -4888,18 +4973,24 @@ class TopicPolicy(
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_sns.TopicPolicyProps",
     jsii_struct_bases=[],
-    name_mapping={"topics": "topics", "policy_document": "policyDocument"},
+    name_mapping={
+        "topics": "topics",
+        "enforce_ssl": "enforceSSL",
+        "policy_document": "policyDocument",
+    },
 )
 class TopicPolicyProps:
     def __init__(
         self,
         *,
         topics: typing.Sequence[ITopic],
+        enforce_ssl: typing.Optional[builtins.bool] = None,
         policy_document: typing.Optional[_PolicyDocument_3ac34393] = None,
     ) -> None:
         '''Properties to associate SNS topics with a policy.
 
         :param topics: The set of topics this policy applies to.
+        :param enforce_ssl: Adds a statement to enforce encryption of data in transit when publishing to the topic. For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit. Default: false
         :param policy_document: IAM policy document to apply to topic(s). Default: empty policy document
 
         :exampleMetadata: infused
@@ -4907,23 +4998,32 @@ class TopicPolicyProps:
         Example::
 
             topic = sns.Topic(self, "Topic")
-            topic_policy = sns.TopicPolicy(self, "TopicPolicy",
-                topics=[topic]
+            policy_document = iam.PolicyDocument(
+                assign_sids=True,
+                statements=[
+                    iam.PolicyStatement(
+                        actions=["sns:Subscribe"],
+                        principals=[iam.AnyPrincipal()],
+                        resources=[topic.topic_arn]
+                    )
+                ]
             )
             
-            topic_policy.document.add_statements(iam.PolicyStatement(
-                actions=["sns:Subscribe"],
-                principals=[iam.AnyPrincipal()],
-                resources=[topic.topic_arn]
-            ))
+            topic_policy = sns.TopicPolicy(self, "Policy",
+                topics=[topic],
+                policy_document=policy_document
+            )
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__4116dddf14d28d4bd4bb7d68b0eda71322f8faeb2468828dde6eca112513ba6b)
             check_type(argname="argument topics", value=topics, expected_type=type_hints["topics"])
+            check_type(argname="argument enforce_ssl", value=enforce_ssl, expected_type=type_hints["enforce_ssl"])
             check_type(argname="argument policy_document", value=policy_document, expected_type=type_hints["policy_document"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "topics": topics,
         }
+        if enforce_ssl is not None:
+            self._values["enforce_ssl"] = enforce_ssl
         if policy_document is not None:
             self._values["policy_document"] = policy_document
 
@@ -4934,6 +5034,17 @@ class TopicPolicyProps:
         assert result is not None, "Required property 'topics' is missing"
         return typing.cast(typing.List[ITopic], result)
 
+    @builtins.property
+    def enforce_ssl(self) -> typing.Optional[builtins.bool]:
+        '''Adds a statement to enforce encryption of data in transit when publishing to the topic.
+
+        For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit.
+
+        :default: false
+        '''
+        result = self._values.get("enforce_ssl")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def policy_document(self) -> typing.Optional[_PolicyDocument_3ac34393]:
         '''IAM policy document to apply to topic(s).
@@ -4961,6 +5072,7 @@ class TopicPolicyProps:
     name_mapping={
         "content_based_deduplication": "contentBasedDeduplication",
         "display_name": "displayName",
+        "enforce_ssl": "enforceSSL",
         "fifo": "fifo",
         "logging_configs": "loggingConfigs",
         "master_key": "masterKey",
@@ -4974,6 +5086,7 @@ class TopicProps:
         *,
         content_based_deduplication: typing.Optional[builtins.bool] = None,
         display_name: typing.Optional[builtins.str] = None,
+        enforce_ssl: typing.Optional[builtins.bool] = None,
         fifo: typing.Optional[builtins.bool] = None,
         logging_configs: typing.Optional[typing.Sequence[typing.Union[LoggingConfig, typing.Dict[builtins.str, typing.Any]]]] = None,
         master_key: typing.Optional[_IKey_5f11635f] = None,
@@ -4984,6 +5097,7 @@ class TopicProps:
 
         :param content_based_deduplication: Enables content-based deduplication for FIFO topics. Default: None
         :param display_name: A developer-defined string that can be used to identify this SNS topic. Default: None
+        :param enforce_ssl: Adds a statement to enforce encryption of data in transit when publishing to the topic. For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit. Default: false
         :param fifo: Set to true to create a FIFO topic. Default: None
         :param logging_configs: The list of delivery status logging configurations for the topic. For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-topic-attributes.html. Default: None
         :param master_key: A KMS Key, either managed by this CDK app, or imported. Default: None
@@ -4994,17 +5108,17 @@ class TopicProps:
 
         Example::
 
-            # role: iam.Role
-            
-            topic = sns.Topic(self, "MyTopic",
-                fifo=True,
-                message_retention_period_in_days=7
+            topic = sns.Topic(self, "Topic",
+                content_based_deduplication=True,
+                display_name="Customer subscription topic",
+                fifo=True
             )
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__093960c1ab5457cc6797eb4a06c9e8fc74e41d4eaa9d0a17f00fa896dadf9161)
             check_type(argname="argument content_based_deduplication", value=content_based_deduplication, expected_type=type_hints["content_based_deduplication"])
             check_type(argname="argument display_name", value=display_name, expected_type=type_hints["display_name"])
+            check_type(argname="argument enforce_ssl", value=enforce_ssl, expected_type=type_hints["enforce_ssl"])
             check_type(argname="argument fifo", value=fifo, expected_type=type_hints["fifo"])
             check_type(argname="argument logging_configs", value=logging_configs, expected_type=type_hints["logging_configs"])
             check_type(argname="argument master_key", value=master_key, expected_type=type_hints["master_key"])
@@ -5015,6 +5129,8 @@ class TopicProps:
             self._values["content_based_deduplication"] = content_based_deduplication
         if display_name is not None:
             self._values["display_name"] = display_name
+        if enforce_ssl is not None:
+            self._values["enforce_ssl"] = enforce_ssl
         if fifo is not None:
             self._values["fifo"] = fifo
         if logging_configs is not None:
@@ -5044,6 +5160,17 @@ class TopicProps:
         result = self._values.get("display_name")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def enforce_ssl(self) -> typing.Optional[builtins.bool]:
+        '''Adds a statement to enforce encryption of data in transit when publishing to the topic.
+
+        For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit.
+
+        :default: false
+        '''
+        result = self._values.get("enforce_ssl")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def fifo(self) -> typing.Optional[builtins.bool]:
         '''Set to true to create a FIFO topic.
@@ -5420,17 +5547,18 @@ class Topic(TopicBase, metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_sns.T
 
     Example::
 
-        from aws_cdk.aws_kinesisfirehose_alpha import DeliveryStream
-        # stream: DeliveryStream
+        import aws_cdk.aws_sns as sns
         
         
-        topic = sns.Topic(self, "Topic")
+        topic = sns.Topic(self, "MyTopic")
         
-        sns.Subscription(self, "Subscription",
-            topic=topic,
-            endpoint=stream.delivery_stream_arn,
-            protocol=sns.SubscriptionProtocol.FIREHOSE,
-            subscription_role_arn="SAMPLE_ARN"
+        topic_rule = iot.TopicRule(self, "TopicRule",
+            sql=iot.IotSql.from_string_as_ver20160323("SELECT topic(2) as device_id, year, month, day FROM 'device/+/data'"),
+            actions=[
+                actions.SnsTopicAction(topic,
+                    message_format=actions.SnsActionMessageFormat.JSON
+                )
+            ]
         )
     '''
 
@@ -5441,6 +5569,7 @@ class Topic(TopicBase, metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_sns.T
         *,
         content_based_deduplication: typing.Optional[builtins.bool] = None,
         display_name: typing.Optional[builtins.str] = None,
+        enforce_ssl: typing.Optional[builtins.bool] = None,
         fifo: typing.Optional[builtins.bool] = None,
         logging_configs: typing.Optional[typing.Sequence[typing.Union[LoggingConfig, typing.Dict[builtins.str, typing.Any]]]] = None,
         master_key: typing.Optional[_IKey_5f11635f] = None,
@@ -5452,6 +5581,7 @@ class Topic(TopicBase, metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_sns.T
         :param id: -
         :param content_based_deduplication: Enables content-based deduplication for FIFO topics. Default: None
         :param display_name: A developer-defined string that can be used to identify this SNS topic. Default: None
+        :param enforce_ssl: Adds a statement to enforce encryption of data in transit when publishing to the topic. For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit. Default: false
         :param fifo: Set to true to create a FIFO topic. Default: None
         :param logging_configs: The list of delivery status logging configurations for the topic. For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-topic-attributes.html. Default: None
         :param master_key: A KMS Key, either managed by this CDK app, or imported. Default: None
@@ -5465,6 +5595,7 @@ class Topic(TopicBase, metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_sns.T
         props = TopicProps(
             content_based_deduplication=content_based_deduplication,
             display_name=display_name,
+            enforce_ssl=enforce_ssl,
             fifo=fifo,
             logging_configs=logging_configs,
             master_key=master_key,
@@ -6131,19 +6262,33 @@ def _typecheckingstub__b07969d7a2c71869715d0fe87d9b0d9d67f663ddecc9d81d353ba532f
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__41d14f58fd3a68985cc9146f591de9ef04f0766e0e4ab580bec4fe74fde70eee(
+    value: typing.Optional[builtins.bool],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__12a056cfcdc8bff96e7fe29bb021bebfb1f092d261da925723087b52a2a52c91(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
     *,
     topics: typing.Sequence[ITopic],
+    enforce_ssl: typing.Optional[builtins.bool] = None,
     policy_document: typing.Optional[_PolicyDocument_3ac34393] = None,
 ) -> None:
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__68fd01009ddae128e0ad9f5816da32ac0ad127b82df6140a2431cf829c9a7488(
+    topic_arn: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__4116dddf14d28d4bd4bb7d68b0eda71322f8faeb2468828dde6eca112513ba6b(
     *,
     topics: typing.Sequence[ITopic],
+    enforce_ssl: typing.Optional[builtins.bool] = None,
     policy_document: typing.Optional[_PolicyDocument_3ac34393] = None,
 ) -> None:
     """Type checking stubs"""
@@ -6153,6 +6298,7 @@ def _typecheckingstub__093960c1ab5457cc6797eb4a06c9e8fc74e41d4eaa9d0a17f00fa896d
     *,
     content_based_deduplication: typing.Optional[builtins.bool] = None,
     display_name: typing.Optional[builtins.str] = None,
+    enforce_ssl: typing.Optional[builtins.bool] = None,
     fifo: typing.Optional[builtins.bool] = None,
     logging_configs: typing.Optional[typing.Sequence[typing.Union[LoggingConfig, typing.Dict[builtins.str, typing.Any]]]] = None,
     master_key: typing.Optional[_IKey_5f11635f] = None,
@@ -6191,6 +6337,7 @@ def _typecheckingstub__5bf7b7a1001dc600e81a7f1c5015e367dc471dcd727360f62a7eaf6eb
     *,
     content_based_deduplication: typing.Optional[builtins.bool] = None,
     display_name: typing.Optional[builtins.str] = None,
+    enforce_ssl: typing.Optional[builtins.bool] = None,
     fifo: typing.Optional[builtins.bool] = None,
     logging_configs: typing.Optional[typing.Sequence[typing.Union[LoggingConfig, typing.Dict[builtins.str, typing.Any]]]] = None,
     master_key: typing.Optional[_IKey_5f11635f] = None,

aws_cdk/aws_sqs/__init__.py

@@ -3811,21 +3811,19 @@ class Queue(QueueBase, metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_sqs.Q
 
     Example::
 
-        payload = "test"
-        message_group_id = "id"
-        queue = sqs.Queue(self, "MyQueue",
-            fifo=True,
-            content_based_deduplication=True
-        )
+        # source_queue: sqs.Queue
+        # target_queue: sqs.Queue
+        
         
-        target = targets.SqsSendMessage(queue,
-            input=ScheduleTargetInput.from_text(payload),
-            message_group_id=message_group_id
+        pipe_target = targets.SqsTarget(target_queue,
+            input_transformation=pipes.InputTransformation.from_object({
+                "SomeKey": pipes.DynamicInput.from_event_path("$.body")
+            })
         )
         
-        Schedule(self, "Schedule",
-            schedule=ScheduleExpression.rate(Duration.minutes(1)),
-            target=target
+        pipe = pipes.Pipe(self, "Pipe",
+            source=SomeSource(source_queue),
+            target=pipe_target
         )
     '''