aws-cdk-lib 2.128.0__py3-none-any.whl → 2.130.0__py3-none-any.whl

aws_cdk/aws_guardduty/__init__.py

@@ -2306,7 +2306,7 @@ class CfnMaster(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param detector_id: The unique ID of the detector of the GuardDuty member account.
-        :param master_id: 
+        :param master_id: The AWS account ID of the account designated as the GuardDuty administrator account.
         :param invitation_id: The ID of the invitation that is sent to the account designated as a member account. You can find the invitation ID by using the ListInvitation action of the GuardDuty API.
         '''
         if __debug__:
@@ -2370,6 +2370,7 @@ class CfnMaster(
     @builtins.property
     @jsii.member(jsii_name="masterId")
     def master_id(self) -> builtins.str:
+        '''The AWS account ID of the account designated as the GuardDuty administrator account.'''
         return typing.cast(builtins.str, jsii.get(self, "masterId"))
 
     @master_id.setter
@@ -2413,7 +2414,7 @@ class CfnMasterProps:
         '''Properties for defining a ``CfnMaster``.
 
         :param detector_id: The unique ID of the detector of the GuardDuty member account.
-        :param master_id: 
+        :param master_id: The AWS account ID of the account designated as the GuardDuty administrator account.
         :param invitation_id: The ID of the invitation that is sent to the account designated as a member account. You can find the invitation ID by using the ListInvitation action of the GuardDuty API.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html
@@ -2457,7 +2458,8 @@ class CfnMasterProps:
 
     @builtins.property
     def master_id(self) -> builtins.str:
-        '''
+        '''The AWS account ID of the account designated as the GuardDuty administrator account.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html#cfn-guardduty-master-masterid
         '''
         result = self._values.get("master_id")
@@ -2508,12 +2510,12 @@ class CfnMember(
         from aws_cdk import aws_guardduty as guardduty
         
         cfn_member = guardduty.CfnMember(self, "MyCfnMember",
-            detector_id="detectorId",
             email="email",
-            member_id="memberId",
         
             # the properties below are optional
+            detector_id="detectorId",
             disable_email_notification=False,
+            member_id="memberId",
             message="message",
             status="status"
         )
@@ -2524,20 +2526,20 @@ class CfnMember(
         scope: _constructs_77d1e7e8.Construct,
         id: builtins.str,
         *,
-        detector_id: builtins.str,
         email: builtins.str,
-        member_id: builtins.str,
+        detector_id: typing.Optional[builtins.str] = None,
         disable_email_notification: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        member_id: typing.Optional[builtins.str] = None,
         message: typing.Optional[builtins.str] = None,
         status: typing.Optional[builtins.str] = None,
     ) -> None:
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param detector_id: The ID of the detector associated with the GuardDuty service to add the member to.
         :param email: The email address associated with the member account.
-        :param member_id: 
+        :param detector_id: The ID of the detector associated with the GuardDuty service to add the member to.
         :param disable_email_notification: Specifies whether or not to disable email notification for the member account that you invite.
+        :param member_id: The AWS account ID of the account to designate as a member.
         :param message: The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.
         :param status: You can use the ``Status`` property to update the status of the relationship between the member account and its administrator account. Valid values are ``Created`` and ``Invited`` when using an ``AWS::GuardDuty::Member`` resource. If the value for this property is not provided or set to ``Created`` , a member account is created but not invited. If the value of this property is set to ``Invited`` , a member account is created and invited.
         '''
@@ -2546,10 +2548,10 @@ class CfnMember(
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = CfnMemberProps(
-            detector_id=detector_id,
             email=email,
-            member_id=member_id,
+            detector_id=detector_id,
             disable_email_notification=disable_email_notification,
+            member_id=member_id,
             message=message,
             status=status,
         )
@@ -2591,19 +2593,6 @@ class CfnMember(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
-    @builtins.property
-    @jsii.member(jsii_name="detectorId")
-    def detector_id(self) -> builtins.str:
-        '''The ID of the detector associated with the GuardDuty service to add the member to.'''
-        return typing.cast(builtins.str, jsii.get(self, "detectorId"))
-
-    @detector_id.setter
-    def detector_id(self, value: builtins.str) -> None:
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__d526f38412f59e2458ce2c2439621166117e2219e0b7389c37d70f65550274c4)
-            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "detectorId", value)
-
     @builtins.property
     @jsii.member(jsii_name="email")
     def email(self) -> builtins.str:
@@ -2618,16 +2607,17 @@ class CfnMember(
         jsii.set(self, "email", value)
 
     @builtins.property
-    @jsii.member(jsii_name="memberId")
-    def member_id(self) -> builtins.str:
-        return typing.cast(builtins.str, jsii.get(self, "memberId"))
+    @jsii.member(jsii_name="detectorId")
+    def detector_id(self) -> typing.Optional[builtins.str]:
+        '''The ID of the detector associated with the GuardDuty service to add the member to.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "detectorId"))
 
-    @member_id.setter
-    def member_id(self, value: builtins.str) -> None:
+    @detector_id.setter
+    def detector_id(self, value: typing.Optional[builtins.str]) -> None:
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__d66a842586ef2d5ec697ca62e59ef2af5353de489b001fb4687956e1766aac41)
+            type_hints = typing.get_type_hints(_typecheckingstub__d526f38412f59e2458ce2c2439621166117e2219e0b7389c37d70f65550274c4)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "memberId", value)
+        jsii.set(self, "detectorId", value)
 
     @builtins.property
     @jsii.member(jsii_name="disableEmailNotification")
@@ -2647,6 +2637,19 @@ class CfnMember(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "disableEmailNotification", value)
 
+    @builtins.property
+    @jsii.member(jsii_name="memberId")
+    def member_id(self) -> typing.Optional[builtins.str]:
+        '''The AWS account ID of the account to designate as a member.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "memberId"))
+
+    @member_id.setter
+    def member_id(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__d66a842586ef2d5ec697ca62e59ef2af5353de489b001fb4687956e1766aac41)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "memberId", value)
+
     @builtins.property
     @jsii.member(jsii_name="message")
     def message(self) -> typing.Optional[builtins.str]:
@@ -2678,10 +2681,10 @@ class CfnMember(
     jsii_type="aws-cdk-lib.aws_guardduty.CfnMemberProps",
     jsii_struct_bases=[],
     name_mapping={
-        "detector_id": "detectorId",
         "email": "email",
-        "member_id": "memberId",
+        "detector_id": "detectorId",
         "disable_email_notification": "disableEmailNotification",
+        "member_id": "memberId",
         "message": "message",
         "status": "status",
     },
@@ -2690,19 +2693,19 @@ class CfnMemberProps:
     def __init__(
         self,
         *,
-        detector_id: builtins.str,
         email: builtins.str,
-        member_id: builtins.str,
+        detector_id: typing.Optional[builtins.str] = None,
         disable_email_notification: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        member_id: typing.Optional[builtins.str] = None,
         message: typing.Optional[builtins.str] = None,
         status: typing.Optional[builtins.str] = None,
     ) -> None:
         '''Properties for defining a ``CfnMember``.
 
-        :param detector_id: The ID of the detector associated with the GuardDuty service to add the member to.
         :param email: The email address associated with the member account.
-        :param member_id: 
+        :param detector_id: The ID of the detector associated with the GuardDuty service to add the member to.
         :param disable_email_notification: Specifies whether or not to disable email notification for the member account that you invite.
+        :param member_id: The AWS account ID of the account to designate as a member.
         :param message: The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.
         :param status: You can use the ``Status`` property to update the status of the relationship between the member account and its administrator account. Valid values are ``Created`` and ``Invited`` when using an ``AWS::GuardDuty::Member`` resource. If the value for this property is not provided or set to ``Created`` , a member account is created but not invited. If the value of this property is set to ``Invited`` , a member account is created and invited.
 
@@ -2716,46 +2719,38 @@ class CfnMemberProps:
             from aws_cdk import aws_guardduty as guardduty
             
             cfn_member_props = guardduty.CfnMemberProps(
-                detector_id="detectorId",
                 email="email",
-                member_id="memberId",
             
                 # the properties below are optional
+                detector_id="detectorId",
                 disable_email_notification=False,
+                member_id="memberId",
                 message="message",
                 status="status"
             )
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__707033ab8b51a1c3cb64594f2a7e13ff03829ca7aed824af4d8509b6302ad443)
-            check_type(argname="argument detector_id", value=detector_id, expected_type=type_hints["detector_id"])
             check_type(argname="argument email", value=email, expected_type=type_hints["email"])
-            check_type(argname="argument member_id", value=member_id, expected_type=type_hints["member_id"])
+            check_type(argname="argument detector_id", value=detector_id, expected_type=type_hints["detector_id"])
             check_type(argname="argument disable_email_notification", value=disable_email_notification, expected_type=type_hints["disable_email_notification"])
+            check_type(argname="argument member_id", value=member_id, expected_type=type_hints["member_id"])
             check_type(argname="argument message", value=message, expected_type=type_hints["message"])
             check_type(argname="argument status", value=status, expected_type=type_hints["status"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
-            "detector_id": detector_id,
             "email": email,
-            "member_id": member_id,
         }
+        if detector_id is not None:
+            self._values["detector_id"] = detector_id
         if disable_email_notification is not None:
             self._values["disable_email_notification"] = disable_email_notification
+        if member_id is not None:
+            self._values["member_id"] = member_id
         if message is not None:
             self._values["message"] = message
         if status is not None:
             self._values["status"] = status
 
-    @builtins.property
-    def detector_id(self) -> builtins.str:
-        '''The ID of the detector associated with the GuardDuty service to add the member to.
-
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-detectorid
-        '''
-        result = self._values.get("detector_id")
-        assert result is not None, "Required property 'detector_id' is missing"
-        return typing.cast(builtins.str, result)
-
     @builtins.property
     def email(self) -> builtins.str:
         '''The email address associated with the member account.
@@ -2767,13 +2762,13 @@ class CfnMemberProps:
         return typing.cast(builtins.str, result)
 
     @builtins.property
-    def member_id(self) -> builtins.str:
-        '''
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-memberid
+    def detector_id(self) -> typing.Optional[builtins.str]:
+        '''The ID of the detector associated with the GuardDuty service to add the member to.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-detectorid
         '''
-        result = self._values.get("member_id")
-        assert result is not None, "Required property 'member_id' is missing"
-        return typing.cast(builtins.str, result)
+        result = self._values.get("detector_id")
+        return typing.cast(typing.Optional[builtins.str], result)
 
     @builtins.property
     def disable_email_notification(
@@ -2786,6 +2781,15 @@ class CfnMemberProps:
         result = self._values.get("disable_email_notification")
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
 
+    @builtins.property
+    def member_id(self) -> typing.Optional[builtins.str]:
+        '''The AWS account ID of the account to designate as a member.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-memberid
+        '''
+        result = self._values.get("member_id")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def message(self) -> typing.Optional[builtins.str]:
         '''The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.
@@ -3561,10 +3565,10 @@ def _typecheckingstub__f44a0908d294a573f190a54e5b7ef824c88df12f421c2066261062645
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
     *,
-    detector_id: builtins.str,
     email: builtins.str,
-    member_id: builtins.str,
+    detector_id: typing.Optional[builtins.str] = None,
     disable_email_notification: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    member_id: typing.Optional[builtins.str] = None,
     message: typing.Optional[builtins.str] = None,
     status: typing.Optional[builtins.str] = None,
 ) -> None:
@@ -3583,26 +3587,26 @@ def _typecheckingstub__aed253523c72485b59fa49b2da3826b766e320b488e0889727ad37f72
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__d526f38412f59e2458ce2c2439621166117e2219e0b7389c37d70f65550274c4(
+def _typecheckingstub__440534181e19dc546b7c107a5ec6269f67af73284cea8e784c8e3133ff4dbe38(
     value: builtins.str,
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__440534181e19dc546b7c107a5ec6269f67af73284cea8e784c8e3133ff4dbe38(
-    value: builtins.str,
+def _typecheckingstub__d526f38412f59e2458ce2c2439621166117e2219e0b7389c37d70f65550274c4(
+    value: typing.Optional[builtins.str],
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__d66a842586ef2d5ec697ca62e59ef2af5353de489b001fb4687956e1766aac41(
-    value: builtins.str,
+def _typecheckingstub__a0d936d65b44cfdbfcf7b0213e06a4664e73ffce48a3399a6c5e192b98602f0e(
+    value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__a0d936d65b44cfdbfcf7b0213e06a4664e73ffce48a3399a6c5e192b98602f0e(
-    value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+def _typecheckingstub__d66a842586ef2d5ec697ca62e59ef2af5353de489b001fb4687956e1766aac41(
+    value: typing.Optional[builtins.str],
 ) -> None:
     """Type checking stubs"""
     pass
@@ -3621,10 +3625,10 @@ def _typecheckingstub__9c6a13c5df833c1f8928aa6ad329e356681a0e7ca00f52f83fb00c4fd
 
 def _typecheckingstub__707033ab8b51a1c3cb64594f2a7e13ff03829ca7aed824af4d8509b6302ad443(
     *,
-    detector_id: builtins.str,
     email: builtins.str,
-    member_id: builtins.str,
+    detector_id: typing.Optional[builtins.str] = None,
     disable_email_notification: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    member_id: typing.Optional[builtins.str] = None,
     message: typing.Optional[builtins.str] = None,
     status: typing.Optional[builtins.str] = None,
 ) -> None:

aws_cdk/aws_iam/__init__.py

@@ -9869,34 +9869,27 @@ class PolicyStatement(
 ):
     '''Represents a statement in an IAM policy document.
 
-    :exampleMetadata: lit=aws-ec2/test/integ.vpc-endpoint.lit.ts infused
+    :exampleMetadata: infused
 
     Example::
 
-        # Add gateway endpoints when creating the VPC
-        vpc = ec2.Vpc(self, "MyVpc",
-            gateway_endpoints={
-                "S3": cdk.aws_ec2.GatewayVpcEndpointOptions(
-                    service=ec2.GatewayVpcEndpointAwsService.S3
-                )
-            }
-        )
+        cross_account_role_arn = "arn:aws:iam::OTHERACCOUNT:role/CrossAccountRoleName" # arn of role deployed in separate account
         
-        # Alternatively gateway endpoints can be added on the VPC
-        dynamo_db_endpoint = vpc.add_gateway_endpoint("DynamoDbEndpoint",
-            service=ec2.GatewayVpcEndpointAwsService.DYNAMODB
-        )
-        
-        # This allows to customize the endpoint policy
-        dynamo_db_endpoint.add_to_policy(
-            iam.PolicyStatement( # Restrict to listing and describing tables
-                principals=[iam.AnyPrincipal()],
-                actions=["dynamodb:DescribeTable", "dynamodb:ListTables"],
-                resources=["*"]))
+        call_region = "us-west-1" # sdk call to be made in specified region (optional)
         
-        # Add an interface endpoint
-        vpc.add_interface_endpoint("EcrDockerEndpoint",
-            service=ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER
+        cr.AwsCustomResource(self, "CrossAccount",
+            on_create=cr.AwsSdkCall(
+                assumed_role_arn=cross_account_role_arn,
+                region=call_region,  # optional
+                service="sts",
+                action="GetCallerIdentity",
+                physical_resource_id=cr.PhysicalResourceId.of("id")
+            ),
+            policy=cr.AwsCustomResourcePolicy.from_statements([iam.PolicyStatement.from_json({
+                "Effect": "Allow",
+                "Action": "sts:AssumeRole",
+                "Resource": cross_account_role_arn
+            })])
         )
     '''