aws-cdk-lib 2.133.0__py3-none-any.whl → 2.134.0__py3-none-any.whl

aws_cdk/aws_opensearchservice/__init__.py

@@ -748,10 +748,10 @@ class CapacityConfig:
 
         :param data_node_instance_type: The instance type for your data nodes, such as ``m3.medium.search``. For valid values, see `Supported Instance Types <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html>`_ in the Amazon OpenSearch Service Developer Guide. Default: - r5.large.search
         :param data_nodes: The number of data nodes (instances) to use in the Amazon OpenSearch Service domain. Default: - 1
-        :param master_node_instance_type: The hardware configuration of the computer that hosts the dedicated master node, such as ``m3.medium.search``. For valid values, see [Supported Instance Types] (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) in the Amazon OpenSearch Service Developer Guide. Default: - r5.large.search
+        :param master_node_instance_type: The hardware configuration of the computer that hosts the dedicated master node, such as ``m3.medium.search``. For valid values, see `Supported Instance Types <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html>`_ in the Amazon OpenSearch Service Developer Guide. Default: - r5.large.search
         :param master_nodes: The number of instances to use for the master node. Default: - no dedicated master nodes
-        :param multi_az_with_standby_enabled: Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see [Multi-AZ with Standby] (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html#managedomains-za-standby) Default: - no multi-az with standby
-        :param warm_instance_type: The instance type for your UltraWarm node, such as ``ultrawarm1.medium.search``. For valid values, see [UltraWarm Storage Limits] (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#limits-ultrawarm) in the Amazon OpenSearch Service Developer Guide. Default: - ultrawarm1.medium.search
+        :param multi_az_with_standby_enabled: Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see `Multi-AZ with Standby <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html#managedomains-za-standby>`_ Default: - no multi-az with standby
+        :param warm_instance_type: The instance type for your UltraWarm node, such as ``ultrawarm1.medium.search``. For valid values, see `UltraWarm Storage Limits <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#limits-ultrawarm>`_ in the Amazon OpenSearch Service Developer Guide. Default: - ultrawarm1.medium.search
         :param warm_nodes: The number of UltraWarm nodes (instances) to use in the Amazon OpenSearch Service domain. Default: - no UltraWarm nodes
 
         :exampleMetadata: infused
@@ -813,7 +813,7 @@ class CapacityConfig:
 
     @builtins.property
     def master_node_instance_type(self) -> typing.Optional[builtins.str]:
-        '''The hardware configuration of the computer that hosts the dedicated master node, such as ``m3.medium.search``. For valid values, see [Supported Instance Types] (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) in the Amazon OpenSearch Service Developer Guide.
+        '''The hardware configuration of the computer that hosts the dedicated master node, such as ``m3.medium.search``. For valid values, see `Supported Instance Types <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html>`_ in the Amazon OpenSearch Service Developer Guide.
 
         :default: - r5.large.search
         '''
@@ -833,8 +833,8 @@ class CapacityConfig:
     def multi_az_with_standby_enabled(self) -> typing.Optional[builtins.bool]:
         '''Indicates whether Multi-AZ with Standby deployment option is enabled.
 
-        For more information, see [Multi-AZ with Standby]
-        (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html#managedomains-za-standby)
+        For more information, see `Multi-AZ with
+        Standby <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html#managedomains-za-standby>`_
 
         :default: - no multi-az with standby
         '''
@@ -843,7 +843,7 @@ class CapacityConfig:
 
     @builtins.property
     def warm_instance_type(self) -> typing.Optional[builtins.str]:
-        '''The instance type for your UltraWarm node, such as ``ultrawarm1.medium.search``. For valid values, see [UltraWarm Storage Limits] (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#limits-ultrawarm) in the Amazon OpenSearch Service Developer Guide.
+        '''The instance type for your UltraWarm node, such as ``ultrawarm1.medium.search``. For valid values, see `UltraWarm Storage Limits <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#limits-ultrawarm>`_ in the Amazon OpenSearch Service Developer Guide.
 
         :default: - ultrawarm1.medium.search
         '''
@@ -2692,7 +2692,7 @@ class CfnDomain(
         ) -> None:
             '''Specifies information about the master user.
 
-            Required if if ``InternalUserDatabaseEnabled`` is true in `AdvancedSecurityOptions <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html>`_ .
+            Required if ``InternalUserDatabaseEnabled`` is true in `AdvancedSecurityOptions <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html>`_ .
 
             :param master_user_arn: Amazon Resource Name (ARN) for the master user. The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if ``InternalUserDatabaseEnabled`` is false in `AdvancedSecurityOptionsInput <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html>`_ .
             :param master_user_name: Username for the master user. Only specify if ``InternalUserDatabaseEnabled`` is true in `AdvancedSecurityOptionsInput <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html>`_ . If you don't want to specify this value directly within the template, you can use a `dynamic reference <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html>`_ instead.
@@ -4957,14 +4957,13 @@ class EbsOptions:
         '''The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.
 
         For more information, see
-        [Amazon EBS]
-        (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html)
+        `Amazon EBS <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html>`_
         in the Amazon Elastic Compute Cloud Developer Guide.
 
         :param enabled: Specifies whether Amazon EBS volumes are attached to data nodes in the Amazon OpenSearch Service domain. Default: - true
         :param iops: The number of I/O operations per second (IOPS) that the volume supports. This property applies only to the gp3 and Provisioned IOPS (SSD) EBS volume type. Default: - iops are not set.
         :param throughput: The throughput (in MiB/s) of the EBS volumes attached to data nodes. This property applies only to the gp3 volume type. Default: - throughput is not set.
-        :param volume_size: The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For valid values, see [EBS volume size limits] (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the Amazon OpenSearch Service Developer Guide. Default: 10
+        :param volume_size: The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For valid values, see `EBS volume size limits <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource>`_ in the Amazon OpenSearch Service Developer Guide. Default: 10
         :param volume_type: The EBS volume type to use with the Amazon OpenSearch Service domain, such as standard, gp2, io1. Default: gp2
 
         :exampleMetadata: infused
@@ -5041,8 +5040,7 @@ class EbsOptions:
         The minimum and
         maximum size of an EBS volume depends on the EBS volume type and the
         instance type to which it is attached.  For  valid values, see
-        [EBS volume size limits]
-        (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource)
+        `EBS volume size limits <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource>`_
         in the Amazon OpenSearch Service Developer Guide.
 
         :default: 10
@@ -5340,7 +5338,12 @@ class EngineVersion(
     @jsii.python.classproperty
     @jsii.member(jsii_name="OPENSEARCH_2_10")
     def OPENSEARCH_2_10(cls) -> "EngineVersion":
-        '''AWS OpenSearch 2.10.'''
+        '''(deprecated) AWS OpenSearch 2.10.
+
+        :deprecated: use latest version of the OpenSearch engine
+
+        :stability: deprecated
+        '''
         return typing.cast("EngineVersion", jsii.sget(cls, "OPENSEARCH_2_10"))
 
     @jsii.python.classproperty
@@ -7243,7 +7246,7 @@ class ZoneAwarenessConfig:
         '''Specifies zone awareness configuration options.
 
         :param availability_zone_count: If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use. Valid values are 2 and 3. Default: - 2 if zone awareness is enabled.
-        :param enabled: Indicates whether to enable zone awareness for the Amazon OpenSearch Service domain. When you enable zone awareness, Amazon OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see [Configuring a Multi-AZ Domain] (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html) in the Amazon OpenSearch Service Developer Guide. Default: - false
+        :param enabled: Indicates whether to enable zone awareness for the Amazon OpenSearch Service domain. When you enable zone awareness, Amazon OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see `Configuring a Multi-AZ Domain <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html>`_ in the Amazon OpenSearch Service Developer Guide. Default: - false
 
         :exampleMetadata: infused
 
@@ -7296,8 +7299,7 @@ class ZoneAwarenessConfig:
         in the same region to prevent data loss and minimize downtime in the event
         of node or data center failure. Don't enable zone awareness if your cluster
         has no replica index shards or is a single-node cluster. For more information,
-        see [Configuring a Multi-AZ Domain]
-        (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html)
+        see `Configuring a Multi-AZ Domain <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html>`_
         in the Amazon OpenSearch Service Developer Guide.
 
         :default: - false

aws_cdk/aws_pinpoint/__init__.py

@@ -8246,6 +8246,7 @@ class CfnEmailChannel(
             # the properties below are optional
             configuration_set="configurationSet",
             enabled=False,
+            orchestration_sending_role_arn="orchestrationSendingRoleArn",
             role_arn="roleArn"
         )
     '''
@@ -8260,6 +8261,7 @@ class CfnEmailChannel(
         identity: builtins.str,
         configuration_set: typing.Optional[builtins.str] = None,
         enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        orchestration_sending_role_arn: typing.Optional[builtins.str] = None,
         role_arn: typing.Optional[builtins.str] = None,
     ) -> None:
         '''
@@ -8270,6 +8272,7 @@ class CfnEmailChannel(
         :param identity: The Amazon Resource Name (ARN) of the identity, verified with Amazon Simple Email Service (Amazon SES), that you want to use when you send email through the channel.
         :param configuration_set: The `Amazon SES configuration set <https://docs.aws.amazon.com/ses/latest/APIReference/API_ConfigurationSet.html>`_ that you want to apply to messages that you send through the channel.
         :param enabled: Specifies whether to enable the email channel for the application.
+        :param orchestration_sending_role_arn: 
         :param role_arn: The ARN of the AWS Identity and Access Management (IAM) role that you want Amazon Pinpoint to use when it submits email-related event data for the channel.
         '''
         if __debug__:
@@ -8282,6 +8285,7 @@ class CfnEmailChannel(
             identity=identity,
             configuration_set=configuration_set,
             enabled=enabled,
+            orchestration_sending_role_arn=orchestration_sending_role_arn,
             role_arn=role_arn,
         )
 
@@ -8403,6 +8407,21 @@ class CfnEmailChannel(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "enabled", value)
 
+    @builtins.property
+    @jsii.member(jsii_name="orchestrationSendingRoleArn")
+    def orchestration_sending_role_arn(self) -> typing.Optional[builtins.str]:
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "orchestrationSendingRoleArn"))
+
+    @orchestration_sending_role_arn.setter
+    def orchestration_sending_role_arn(
+        self,
+        value: typing.Optional[builtins.str],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__aa8fbe3722fc02e373ab1dd1fbe9afea479c8117a0f4ca1a070a3963c4bdbfde)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "orchestrationSendingRoleArn", value)
+
     @builtins.property
     @jsii.member(jsii_name="roleArn")
     def role_arn(self) -> typing.Optional[builtins.str]:
@@ -8426,6 +8445,7 @@ class CfnEmailChannel(
         "identity": "identity",
         "configuration_set": "configurationSet",
         "enabled": "enabled",
+        "orchestration_sending_role_arn": "orchestrationSendingRoleArn",
         "role_arn": "roleArn",
     },
 )
@@ -8438,6 +8458,7 @@ class CfnEmailChannelProps:
         identity: builtins.str,
         configuration_set: typing.Optional[builtins.str] = None,
         enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        orchestration_sending_role_arn: typing.Optional[builtins.str] = None,
         role_arn: typing.Optional[builtins.str] = None,
     ) -> None:
         '''Properties for defining a ``CfnEmailChannel``.
@@ -8447,6 +8468,7 @@ class CfnEmailChannelProps:
         :param identity: The Amazon Resource Name (ARN) of the identity, verified with Amazon Simple Email Service (Amazon SES), that you want to use when you send email through the channel.
         :param configuration_set: The `Amazon SES configuration set <https://docs.aws.amazon.com/ses/latest/APIReference/API_ConfigurationSet.html>`_ that you want to apply to messages that you send through the channel.
         :param enabled: Specifies whether to enable the email channel for the application.
+        :param orchestration_sending_role_arn: 
         :param role_arn: The ARN of the AWS Identity and Access Management (IAM) role that you want Amazon Pinpoint to use when it submits email-related event data for the channel.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-pinpoint-emailchannel.html
@@ -8466,6 +8488,7 @@ class CfnEmailChannelProps:
                 # the properties below are optional
                 configuration_set="configurationSet",
                 enabled=False,
+                orchestration_sending_role_arn="orchestrationSendingRoleArn",
                 role_arn="roleArn"
             )
         '''
@@ -8476,6 +8499,7 @@ class CfnEmailChannelProps:
             check_type(argname="argument identity", value=identity, expected_type=type_hints["identity"])
             check_type(argname="argument configuration_set", value=configuration_set, expected_type=type_hints["configuration_set"])
             check_type(argname="argument enabled", value=enabled, expected_type=type_hints["enabled"])
+            check_type(argname="argument orchestration_sending_role_arn", value=orchestration_sending_role_arn, expected_type=type_hints["orchestration_sending_role_arn"])
             check_type(argname="argument role_arn", value=role_arn, expected_type=type_hints["role_arn"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "application_id": application_id,
@@ -8486,6 +8510,8 @@ class CfnEmailChannelProps:
             self._values["configuration_set"] = configuration_set
         if enabled is not None:
             self._values["enabled"] = enabled
+        if orchestration_sending_role_arn is not None:
+            self._values["orchestration_sending_role_arn"] = orchestration_sending_role_arn
         if role_arn is not None:
             self._values["role_arn"] = role_arn
 
@@ -8539,6 +8565,14 @@ class CfnEmailChannelProps:
         result = self._values.get("enabled")
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
 
+    @builtins.property
+    def orchestration_sending_role_arn(self) -> typing.Optional[builtins.str]:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-pinpoint-emailchannel.html#cfn-pinpoint-emailchannel-orchestrationsendingrolearn
+        '''
+        result = self._values.get("orchestration_sending_role_arn")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def role_arn(self) -> typing.Optional[builtins.str]:
         '''The ARN of the AWS Identity and Access Management (IAM) role that you want Amazon Pinpoint to use when it submits email-related event data for the channel.
@@ -15503,6 +15537,7 @@ def _typecheckingstub__7abae51eb3b1f161941e50db5fbebe5cf3c749c2e815f973039ad6189
     identity: builtins.str,
     configuration_set: typing.Optional[builtins.str] = None,
     enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    orchestration_sending_role_arn: typing.Optional[builtins.str] = None,
     role_arn: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
@@ -15550,6 +15585,12 @@ def _typecheckingstub__b6552928532890b0bb4451f89e36f2fd0599fa25332569a30589de6da
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__aa8fbe3722fc02e373ab1dd1fbe9afea479c8117a0f4ca1a070a3963c4bdbfde(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__b91d75ea3a5bc3900bbc4b0958bbc0263a57362f325b830004dddc72b23dfe1b(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -15563,6 +15604,7 @@ def _typecheckingstub__d31b287f2c5e7cfc3790c0eca9541325a73a2157dce8dbc1d3b7d9fa7
     identity: builtins.str,
     configuration_set: typing.Optional[builtins.str] = None,
     enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    orchestration_sending_role_arn: typing.Optional[builtins.str] = None,
     role_arn: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""

aws_cdk/aws_rds/__init__.py

@@ -1409,8 +1409,6 @@ cluster = rds.DatabaseCluster(self, "Cluster",
     enable_data_api=True
 )
 cluster.grant_data_api_access(fn)
-# It is necessary to grant the function access to the secret associated with the cluster for `DatabaseCluster`.
-cluster.secret.grant_read(fn)
 ```
 
 **Note**: To invoke the Data API, the resource will need to read the secret associated with the cluster.
@@ -4280,7 +4278,7 @@ class CfnDBCluster(
         :param enable_http_endpoint: Specifies whether to enable the HTTP endpoint for the DB cluster. By default, the HTTP endpoint isn't enabled. When enabled, the HTTP endpoint provides a connectionless web service API (RDS Data API) for running SQL queries on the DB cluster. You can also query your database from inside the RDS console with the RDS query editor. RDS Data API is supported with the following DB clusters: - Aurora PostgreSQL Serverless v2 and provisioned - Aurora PostgreSQL and Aurora MySQL Serverless v1 For more information, see `Using RDS Data API <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html>`_ in the *Amazon Aurora User Guide* . Valid for Cluster Type: Aurora DB clusters only
         :param enable_iam_database_authentication: A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. For more information, see `IAM Database Authentication <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html>`_ in the *Amazon Aurora User Guide.* Valid for: Aurora DB clusters only
         :param engine: The name of the database engine to be used for this DB cluster. Valid Values: - ``aurora-mysql`` - ``aurora-postgresql`` - ``mysql`` - ``postgres`` Valid for: Aurora DB clusters and Multi-AZ DB clusters
-        :param engine_mode: The DB engine mode of the DB cluster, either ``provisioned`` or ``serverless`` . The ``serverless`` engine mode only supports Aurora Serverless v1. Limitations and requirements apply to some DB engine modes. For more information, see the following sections in the *Amazon Aurora User Guide* : - `Limitations of Aurora Serverless v1 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations>`_ - `Requirements for Aurora Serverless v2 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html>`_ - `Limitations of parallel query <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-parallel-query.html#aurora-mysql-parallel-query-limitations>`_ - `Limitations of Aurora global databases <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database.limitations>`_ Valid for: Aurora DB clusters only
+        :param engine_mode: The DB engine mode of the DB cluster, either ``provisioned`` or ``serverless`` . The ``serverless`` engine mode only applies for Aurora Serverless v1 DB clusters. For information about limitations and requirements for Serverless DB clusters, see the following sections in the *Amazon Aurora User Guide* : - `Limitations of Aurora Serverless v1 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations>`_ - `Requirements for Aurora Serverless v2 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html>`_ Valid for Cluster Type: Aurora DB clusters only
         :param engine_version: The version number of the database engine to use. To list all of the available engine versions for Aurora MySQL version 2 (5.7-compatible) and version 3 (8.0-compatible), use the following command: ``aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion"`` You can supply either ``5.7`` or ``8.0`` to use the default engine version for Aurora MySQL version 2 or version 3, respectively. To list all of the available engine versions for Aurora PostgreSQL, use the following command: ``aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[].EngineVersion"`` To list all of the available engine versions for RDS for MySQL, use the following command: ``aws rds describe-db-engine-versions --engine mysql --query "DBEngineVersions[].EngineVersion"`` To list all of the available engine versions for RDS for PostgreSQL, use the following command: ``aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion"`` *Aurora MySQL* For information, see `Database engine updates for Amazon Aurora MySQL <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html>`_ in the *Amazon Aurora User Guide* . *Aurora PostgreSQL* For information, see `Amazon Aurora PostgreSQL releases and engine versions <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html>`_ in the *Amazon Aurora User Guide* . *MySQL* For information, see `Amazon RDS for MySQL <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide* . *PostgreSQL* For information, see `Amazon RDS for PostgreSQL <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts>`_ in the *Amazon RDS User Guide* . Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param global_cluster_identifier: If you are configuring an Aurora global database cluster and want your Aurora DB cluster to be a secondary member in the global database cluster, specify the global cluster ID of the global database cluster. To define the primary database cluster of the global cluster, use the `AWS::RDS::GlobalCluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-globalcluster.html>`_ resource. If you aren't configuring a global database cluster, don't specify this property. .. epigraph:: To remove the DB cluster from a global database cluster, specify an empty value for the ``GlobalClusterIdentifier`` property. For information about Aurora global databases, see `Working with Amazon Aurora Global Databases <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html>`_ in the *Amazon Aurora User Guide* . Valid for: Aurora DB clusters only
         :param iops: The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster. For information about valid IOPS values, see `Provisioned IOPS storage <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS>`_ in the *Amazon RDS User Guide* . This setting is required to create a Multi-AZ DB cluster. Valid for Cluster Type: Multi-AZ DB clusters only Constraints: - Must be a multiple between .5 and 50 of the storage amount for the DB cluster.
@@ -6346,7 +6344,7 @@ class CfnDBClusterProps:
         :param enable_http_endpoint: Specifies whether to enable the HTTP endpoint for the DB cluster. By default, the HTTP endpoint isn't enabled. When enabled, the HTTP endpoint provides a connectionless web service API (RDS Data API) for running SQL queries on the DB cluster. You can also query your database from inside the RDS console with the RDS query editor. RDS Data API is supported with the following DB clusters: - Aurora PostgreSQL Serverless v2 and provisioned - Aurora PostgreSQL and Aurora MySQL Serverless v1 For more information, see `Using RDS Data API <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html>`_ in the *Amazon Aurora User Guide* . Valid for Cluster Type: Aurora DB clusters only
         :param enable_iam_database_authentication: A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. For more information, see `IAM Database Authentication <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html>`_ in the *Amazon Aurora User Guide.* Valid for: Aurora DB clusters only
         :param engine: The name of the database engine to be used for this DB cluster. Valid Values: - ``aurora-mysql`` - ``aurora-postgresql`` - ``mysql`` - ``postgres`` Valid for: Aurora DB clusters and Multi-AZ DB clusters
-        :param engine_mode: The DB engine mode of the DB cluster, either ``provisioned`` or ``serverless`` . The ``serverless`` engine mode only supports Aurora Serverless v1. Limitations and requirements apply to some DB engine modes. For more information, see the following sections in the *Amazon Aurora User Guide* : - `Limitations of Aurora Serverless v1 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations>`_ - `Requirements for Aurora Serverless v2 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html>`_ - `Limitations of parallel query <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-parallel-query.html#aurora-mysql-parallel-query-limitations>`_ - `Limitations of Aurora global databases <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database.limitations>`_ Valid for: Aurora DB clusters only
+        :param engine_mode: The DB engine mode of the DB cluster, either ``provisioned`` or ``serverless`` . The ``serverless`` engine mode only applies for Aurora Serverless v1 DB clusters. For information about limitations and requirements for Serverless DB clusters, see the following sections in the *Amazon Aurora User Guide* : - `Limitations of Aurora Serverless v1 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations>`_ - `Requirements for Aurora Serverless v2 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html>`_ Valid for Cluster Type: Aurora DB clusters only
         :param engine_version: The version number of the database engine to use. To list all of the available engine versions for Aurora MySQL version 2 (5.7-compatible) and version 3 (8.0-compatible), use the following command: ``aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion"`` You can supply either ``5.7`` or ``8.0`` to use the default engine version for Aurora MySQL version 2 or version 3, respectively. To list all of the available engine versions for Aurora PostgreSQL, use the following command: ``aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[].EngineVersion"`` To list all of the available engine versions for RDS for MySQL, use the following command: ``aws rds describe-db-engine-versions --engine mysql --query "DBEngineVersions[].EngineVersion"`` To list all of the available engine versions for RDS for PostgreSQL, use the following command: ``aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion"`` *Aurora MySQL* For information, see `Database engine updates for Amazon Aurora MySQL <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html>`_ in the *Amazon Aurora User Guide* . *Aurora PostgreSQL* For information, see `Amazon Aurora PostgreSQL releases and engine versions <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html>`_ in the *Amazon Aurora User Guide* . *MySQL* For information, see `Amazon RDS for MySQL <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide* . *PostgreSQL* For information, see `Amazon RDS for PostgreSQL <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts>`_ in the *Amazon RDS User Guide* . Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param global_cluster_identifier: If you are configuring an Aurora global database cluster and want your Aurora DB cluster to be a secondary member in the global database cluster, specify the global cluster ID of the global database cluster. To define the primary database cluster of the global cluster, use the `AWS::RDS::GlobalCluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-globalcluster.html>`_ resource. If you aren't configuring a global database cluster, don't specify this property. .. epigraph:: To remove the DB cluster from a global database cluster, specify an empty value for the ``GlobalClusterIdentifier`` property. For information about Aurora global databases, see `Working with Amazon Aurora Global Databases <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html>`_ in the *Amazon Aurora User Guide* . Valid for: Aurora DB clusters only
         :param iops: The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster. For information about valid IOPS values, see `Provisioned IOPS storage <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS>`_ in the *Amazon RDS User Guide* . This setting is required to create a Multi-AZ DB cluster. Valid for Cluster Type: Multi-AZ DB clusters only Constraints: - Must be a multiple between .5 and 50 of the storage amount for the DB cluster.
@@ -6998,16 +6996,14 @@ class CfnDBClusterProps:
     def engine_mode(self) -> typing.Optional[builtins.str]:
         '''The DB engine mode of the DB cluster, either ``provisioned`` or ``serverless`` .
 
-        The ``serverless`` engine mode only supports Aurora Serverless v1.
+        The ``serverless`` engine mode only applies for Aurora Serverless v1 DB clusters.
 
-        Limitations and requirements apply to some DB engine modes. For more information, see the following sections in the *Amazon Aurora User Guide* :
+        For information about limitations and requirements for Serverless DB clusters, see the following sections in the *Amazon Aurora User Guide* :
 
         - `Limitations of Aurora Serverless v1 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations>`_
         - `Requirements for Aurora Serverless v2 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html>`_
-        - `Limitations of parallel query <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-parallel-query.html#aurora-mysql-parallel-query-limitations>`_
-        - `Limitations of Aurora global databases <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database.limitations>`_
 
-        Valid for: Aurora DB clusters only
+        Valid for Cluster Type: Aurora DB clusters only
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html#cfn-rds-dbcluster-enginemode
         '''
@@ -7891,7 +7887,7 @@ class CfnDBInstance(
         :param enable_iam_database_authentication: A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. This property is supported for RDS for MariaDB, RDS for MySQL, and RDS for PostgreSQL. For more information, see `IAM Database Authentication for MariaDB, MySQL, and PostgreSQL <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html>`_ in the *Amazon RDS User Guide.* *Amazon Aurora* Not applicable. Mapping AWS IAM accounts to database accounts is managed by the DB cluster.
         :param enable_performance_insights: Specifies whether to enable Performance Insights for the DB instance. For more information, see `Using Amazon Performance Insights <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html>`_ in the *Amazon RDS User Guide* . This setting doesn't apply to RDS Custom DB instances.
         :param endpoint: The connection endpoint for the DB instance. .. epigraph:: The endpoint might not be shown for instances with the status of ``creating`` .
-        :param engine: The name of the database engine that you want to use for this DB instance. Not every database engine is available in every AWS Region. .. epigraph:: When you are creating a DB instance, the ``Engine`` property is required. Valid Values: - ``aurora-mysql`` (for Aurora MySQL DB instances) - ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) - ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) - ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) - ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) - ``db2-ae`` - ``db2-se`` - ``mariadb`` - ``mysql`` - ``oracle-ee`` - ``oracle-ee-cdb`` - ``oracle-se2`` - ``oracle-se2-cdb`` - ``postgres`` - ``sqlserver-ee`` - ``sqlserver-se`` - ``sqlserver-ex`` - ``sqlserver-web``
+        :param engine: The name of the database engine to use for this DB instance. Not every database engine is available in every AWS Region. This property is required when creating a DB instance. .. epigraph:: You can change the architecture of an Oracle database from the non-container database (CDB) architecture to the CDB architecture by updating the ``Engine`` value in your templates from ``oracle-ee`` or ``oracle-ee-cdb`` to ``oracle-se2-cdb`` . Converting to the CDB architecture requires an interruption. Valid Values: - ``aurora-mysql`` (for Aurora MySQL DB instances) - ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) - ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) - ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) - ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) - ``db2-ae`` - ``db2-se`` - ``mariadb`` - ``mysql`` - ``oracle-ee`` - ``oracle-ee-cdb`` - ``oracle-se2`` - ``oracle-se2-cdb`` - ``postgres`` - ``sqlserver-ee`` - ``sqlserver-se`` - ``sqlserver-ex`` - ``sqlserver-web``
         :param engine_version: The version number of the database engine to use. For a list of valid engine versions, use the ``DescribeDBEngineVersions`` action. The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. *Amazon Aurora* Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. *Db2* See `Amazon RDS for Db2 <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *MariaDB* See `MariaDB on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Microsoft SQL Server* See `Microsoft SQL Server Versions on Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport>`_ in the *Amazon RDS User Guide.* *MySQL* See `MySQL on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Oracle* See `Oracle Database Engine Release Notes <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html>`_ in the *Amazon RDS User Guide.* *PostgreSQL* See `Supported PostgreSQL Database Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions>`_ in the *Amazon RDS User Guide.*
         :param iops: The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see `Amazon RDS Provisioned IOPS Storage to Improve Performance <https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS>`_ in the *Amazon RDS User Guide* . .. epigraph:: If you specify ``io1`` for the ``StorageType`` property, then you must also specify the ``Iops`` property. Constraints: - For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance. - For RDS for SQL Server - Must be a multiple between 1 and 50 of the storage amount for the DB instance.
         :param kms_key_id: The ARN of the AWS KMS key that's used to encrypt the DB instance, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef`` . If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true. If you specify the ``SourceDBInstanceIdentifier`` property, the value is inherited from the source DB instance if the read replica is created in the same region. If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region. If you specify the ``SnapshotIdentifier`` property, the ``StorageEncrypted`` property value is inherited from the snapshot, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. If you specify ``DBSecurityGroups`` , AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see `Using Amazon RDS with Amazon VPC <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* . *Amazon Aurora* Not applicable. The KMS key identifier is managed by the DB cluster.
@@ -8682,7 +8678,7 @@ class CfnDBInstance(
     @builtins.property
     @jsii.member(jsii_name="engine")
     def engine(self) -> typing.Optional[builtins.str]:
-        '''The name of the database engine that you want to use for this DB instance.'''
+        '''The name of the database engine to use for this DB instance.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "engine"))
 
     @engine.setter
@@ -9877,7 +9873,7 @@ class CfnDBInstanceProps:
         :param enable_iam_database_authentication: A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. This property is supported for RDS for MariaDB, RDS for MySQL, and RDS for PostgreSQL. For more information, see `IAM Database Authentication for MariaDB, MySQL, and PostgreSQL <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html>`_ in the *Amazon RDS User Guide.* *Amazon Aurora* Not applicable. Mapping AWS IAM accounts to database accounts is managed by the DB cluster.
         :param enable_performance_insights: Specifies whether to enable Performance Insights for the DB instance. For more information, see `Using Amazon Performance Insights <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html>`_ in the *Amazon RDS User Guide* . This setting doesn't apply to RDS Custom DB instances.
         :param endpoint: The connection endpoint for the DB instance. .. epigraph:: The endpoint might not be shown for instances with the status of ``creating`` .
-        :param engine: The name of the database engine that you want to use for this DB instance. Not every database engine is available in every AWS Region. .. epigraph:: When you are creating a DB instance, the ``Engine`` property is required. Valid Values: - ``aurora-mysql`` (for Aurora MySQL DB instances) - ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) - ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) - ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) - ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) - ``db2-ae`` - ``db2-se`` - ``mariadb`` - ``mysql`` - ``oracle-ee`` - ``oracle-ee-cdb`` - ``oracle-se2`` - ``oracle-se2-cdb`` - ``postgres`` - ``sqlserver-ee`` - ``sqlserver-se`` - ``sqlserver-ex`` - ``sqlserver-web``
+        :param engine: The name of the database engine to use for this DB instance. Not every database engine is available in every AWS Region. This property is required when creating a DB instance. .. epigraph:: You can change the architecture of an Oracle database from the non-container database (CDB) architecture to the CDB architecture by updating the ``Engine`` value in your templates from ``oracle-ee`` or ``oracle-ee-cdb`` to ``oracle-se2-cdb`` . Converting to the CDB architecture requires an interruption. Valid Values: - ``aurora-mysql`` (for Aurora MySQL DB instances) - ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) - ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) - ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) - ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) - ``db2-ae`` - ``db2-se`` - ``mariadb`` - ``mysql`` - ``oracle-ee`` - ``oracle-ee-cdb`` - ``oracle-se2`` - ``oracle-se2-cdb`` - ``postgres`` - ``sqlserver-ee`` - ``sqlserver-se`` - ``sqlserver-ex`` - ``sqlserver-web``
         :param engine_version: The version number of the database engine to use. For a list of valid engine versions, use the ``DescribeDBEngineVersions`` action. The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. *Amazon Aurora* Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. *Db2* See `Amazon RDS for Db2 <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *MariaDB* See `MariaDB on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Microsoft SQL Server* See `Microsoft SQL Server Versions on Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport>`_ in the *Amazon RDS User Guide.* *MySQL* See `MySQL on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Oracle* See `Oracle Database Engine Release Notes <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html>`_ in the *Amazon RDS User Guide.* *PostgreSQL* See `Supported PostgreSQL Database Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions>`_ in the *Amazon RDS User Guide.*
         :param iops: The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see `Amazon RDS Provisioned IOPS Storage to Improve Performance <https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS>`_ in the *Amazon RDS User Guide* . .. epigraph:: If you specify ``io1`` for the ``StorageType`` property, then you must also specify the ``Iops`` property. Constraints: - For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance. - For RDS for SQL Server - Must be a multiple between 1 and 50 of the storage amount for the DB instance.
         :param kms_key_id: The ARN of the AWS KMS key that's used to encrypt the DB instance, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef`` . If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true. If you specify the ``SourceDBInstanceIdentifier`` property, the value is inherited from the source DB instance if the read replica is created in the same region. If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region. If you specify the ``SnapshotIdentifier`` property, the ``StorageEncrypted`` property value is inherited from the snapshot, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. If you specify ``DBSecurityGroups`` , AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see `Using Amazon RDS with Amazon VPC <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* . *Amazon Aurora* Not applicable. The KMS key identifier is managed by the DB cluster.
@@ -10978,12 +10974,14 @@ class CfnDBInstanceProps:
 
     @builtins.property
     def engine(self) -> typing.Optional[builtins.str]:
-        '''The name of the database engine that you want to use for this DB instance.
+        '''The name of the database engine to use for this DB instance.
 
         Not every database engine is available in every AWS Region.
+
+        This property is required when creating a DB instance.
         .. epigraph::
 
-           When you are creating a DB instance, the ``Engine`` property is required.
+           You can change the architecture of an Oracle database from the non-container database (CDB) architecture to the CDB architecture by updating the ``Engine`` value in your templates from ``oracle-ee`` or ``oracle-ee-cdb`` to ``oracle-se2-cdb`` . Converting to the CDB architecture requires an interruption.
 
         Valid Values:
 
@@ -18525,6 +18523,7 @@ class DBClusterStorageType(enum.Enum):
         "instance_identifiers": "instanceIdentifiers",
         "port": "port",
         "reader_endpoint_address": "readerEndpointAddress",
+        "secret": "secret",
         "security_groups": "securityGroups",
     },
 )
@@ -18540,6 +18539,7 @@ class DatabaseClusterAttributes:
         instance_identifiers: typing.Optional[typing.Sequence[builtins.str]] = None,
         port: typing.Optional[jsii.Number] = None,
         reader_endpoint_address: typing.Optional[builtins.str] = None,
+        secret: typing.Optional[_ISecret_6e020e6a] = None,
         security_groups: typing.Optional[typing.Sequence[_ISecurityGroup_acf8a799]] = None,
     ) -> None:
         '''Properties that describe an existing cluster instance.
@@ -18552,6 +18552,7 @@ class DatabaseClusterAttributes:
         :param instance_identifiers: Identifier for the instances. Default: - no instance identifiers
         :param port: The database port. Default: - none
         :param reader_endpoint_address: Reader endpoint address. Default: - no reader address
+        :param secret: The secret attached to the database cluster. Default: - the imported Cluster's secret is unknown
         :param security_groups: The security groups of the database cluster. Default: - no security groups
 
         :exampleMetadata: fixture=_generated
@@ -18562,8 +18563,10 @@ class DatabaseClusterAttributes:
             # The values are placeholders you should change.
             from aws_cdk import aws_ec2 as ec2
             from aws_cdk import aws_rds as rds
+            from aws_cdk import aws_secretsmanager as secretsmanager
             
             # cluster_engine: rds.IClusterEngine
+            # secret: secretsmanager.Secret
             # security_group: ec2.SecurityGroup
             
             database_cluster_attributes = rds.DatabaseClusterAttributes(
@@ -18577,6 +18580,7 @@ class DatabaseClusterAttributes:
                 instance_identifiers=["instanceIdentifiers"],
                 port=123,
                 reader_endpoint_address="readerEndpointAddress",
+                secret=secret,
                 security_groups=[security_group]
             )
         '''
@@ -18590,6 +18594,7 @@ class DatabaseClusterAttributes:
             check_type(argname="argument instance_identifiers", value=instance_identifiers, expected_type=type_hints["instance_identifiers"])
             check_type(argname="argument port", value=port, expected_type=type_hints["port"])
             check_type(argname="argument reader_endpoint_address", value=reader_endpoint_address, expected_type=type_hints["reader_endpoint_address"])
+            check_type(argname="argument secret", value=secret, expected_type=type_hints["secret"])
             check_type(argname="argument security_groups", value=security_groups, expected_type=type_hints["security_groups"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "cluster_identifier": cluster_identifier,
@@ -18608,6 +18613,8 @@ class DatabaseClusterAttributes:
             self._values["port"] = port
         if reader_endpoint_address is not None:
             self._values["reader_endpoint_address"] = reader_endpoint_address
+        if secret is not None:
+            self._values["secret"] = secret
         if security_groups is not None:
             self._values["security_groups"] = security_groups
 
@@ -18683,6 +18690,15 @@ class DatabaseClusterAttributes:
         result = self._values.get("reader_endpoint_address")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def secret(self) -> typing.Optional[_ISecret_6e020e6a]:
+        '''The secret attached to the database cluster.
+
+        :default: - the imported Cluster's secret is unknown
+        '''
+        result = self._values.get("secret")
+        return typing.cast(typing.Optional[_ISecret_6e020e6a], result)
+
     @builtins.property
     def security_groups(self) -> typing.Optional[typing.List[_ISecurityGroup_acf8a799]]:
         '''The security groups of the database cluster.
@@ -37972,6 +37988,13 @@ class DatabaseClusterBase(
         '''
         ...
 
+    @builtins.property
+    @jsii.member(jsii_name="secret")
+    @abc.abstractmethod
+    def secret(self) -> typing.Optional[_ISecret_6e020e6a]:
+        '''Secret in SecretsManager to store the database cluster user credentials.'''
+        ...
+
     @builtins.property
     @jsii.member(jsii_name="enableDataApi")
     @abc.abstractmethod
@@ -38042,6 +38065,12 @@ class _DatabaseClusterBaseProxy(
         '''
         return typing.cast(typing.Optional["IClusterEngine"], jsii.get(self, "engine"))
 
+    @builtins.property
+    @jsii.member(jsii_name="secret")
+    def secret(self) -> typing.Optional[_ISecret_6e020e6a]:
+        '''Secret in SecretsManager to store the database cluster user credentials.'''
+        return typing.cast(typing.Optional[_ISecret_6e020e6a], jsii.get(self, "secret"))
+
     @builtins.property
     @jsii.member(jsii_name="enableDataApi")
     def _enable_data_api(self) -> typing.Optional[builtins.bool]:
@@ -42238,6 +42267,7 @@ class DatabaseCluster(
         instance_identifiers: typing.Optional[typing.Sequence[builtins.str]] = None,
         port: typing.Optional[jsii.Number] = None,
         reader_endpoint_address: typing.Optional[builtins.str] = None,
+        secret: typing.Optional[_ISecret_6e020e6a] = None,
         security_groups: typing.Optional[typing.Sequence[_ISecurityGroup_acf8a799]] = None,
     ) -> IDatabaseCluster:
         '''Import an existing DatabaseCluster from properties.
@@ -42252,6 +42282,7 @@ class DatabaseCluster(
         :param instance_identifiers: Identifier for the instances. Default: - no instance identifiers
         :param port: The database port. Default: - none
         :param reader_endpoint_address: Reader endpoint address. Default: - no reader address
+        :param secret: The secret attached to the database cluster. Default: - the imported Cluster's secret is unknown
         :param security_groups: The security groups of the database cluster. Default: - no security groups
         '''
         if __debug__:
@@ -42267,6 +42298,7 @@ class DatabaseCluster(
             instance_identifiers=instance_identifiers,
             port=port,
             reader_endpoint_address=reader_endpoint_address,
+            secret=secret,
             security_groups=security_groups,
         )
 
@@ -45585,6 +45617,7 @@ def _typecheckingstub__ed300072ed57a352a09d26b0a71ae628bf48c46f003dddeb880d02b1b
     instance_identifiers: typing.Optional[typing.Sequence[builtins.str]] = None,
     port: typing.Optional[jsii.Number] = None,
     reader_endpoint_address: typing.Optional[builtins.str] = None,
+    secret: typing.Optional[_ISecret_6e020e6a] = None,
     security_groups: typing.Optional[typing.Sequence[_ISecurityGroup_acf8a799]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -47371,6 +47404,7 @@ def _typecheckingstub__d7cb0d9ec8799a7f25049acfbf2838c0699426663debfac03fac47054
     instance_identifiers: typing.Optional[typing.Sequence[builtins.str]] = None,
     port: typing.Optional[jsii.Number] = None,
     reader_endpoint_address: typing.Optional[builtins.str] = None,
+    secret: typing.Optional[_ISecret_6e020e6a] = None,
     security_groups: typing.Optional[typing.Sequence[_ISecurityGroup_acf8a799]] = None,
 ) -> None:
     """Type checking stubs"""

aws_cdk/aws_sagemaker/__init__.py

@@ -17064,7 +17064,7 @@ class CfnModel(
             '''Describes the container, as part of model definition.
 
             :param container_hostname: This parameter is ignored for models that contain only a ``PrimaryContainer`` . When a ``ContainerDefinition`` is part of an inference pipeline, the value of the parameter uniquely identifies the container for the purposes of logging and metrics. For information, see `Use Logs and Metrics to Monitor an Inference Pipeline <https://docs.aws.amazon.com/sagemaker/latest/dg/inference-pipeline-logs-metrics.html>`_ . If you don't specify a value for this parameter for a ``ContainerDefinition`` that is part of an inference pipeline, a unique name is automatically assigned based on the position of the ``ContainerDefinition`` in the pipeline. If you specify a value for the ``ContainerHostName`` for any ``ContainerDefinition`` that is part of an inference pipeline, you must specify a value for the ``ContainerHostName`` parameter of every ``ContainerDefinition`` in that pipeline.
-            :param environment: The environment variables to set in the Docker container. Each key and value in the ``Environment`` string to string map can have length of up to 1024. We support up to 16 entries in the map.
+            :param environment: The environment variables to set in the Docker container. The maximum length of each key and value in the ``Environment`` map is 1024 bytes. The maximum length of all keys and values in the map, combined, is 32 KB. If you pass multiple containers to a ``CreateModel`` request, then the maximum length of all of their maps, combined, is also 32 KB.
             :param image: The path where inference code is stored. This can be either in Amazon EC2 Container Registry or in a Docker registry that is accessible from the same VPC that you configure for your endpoint. If you are using your own custom algorithm instead of an algorithm provided by SageMaker, the inference code must meet SageMaker requirements. SageMaker supports both ``registry/repository[:tag]`` and ``registry/repository[@digest]`` image path formats. For more information, see `Using Your Own Algorithms with Amazon SageMaker <https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms.html>`_ . .. epigraph:: The model artifacts in an Amazon S3 bucket and the Docker image for inference container in Amazon EC2 Container Registry must be in the same region as the model or endpoint you are creating.
             :param image_config: Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). For information about storing containers in a private Docker registry, see `Use a Private Docker Registry for Real-Time Inference Containers <https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms-containers-inference-private.html>`_ . .. epigraph:: The model artifacts in an Amazon S3 bucket and the Docker image for inference container in Amazon EC2 Container Registry must be in the same region as the model or endpoint you are creating.
             :param inference_specification_name: The inference specification name in the model package version.
@@ -17167,7 +17167,7 @@ class CfnModel(
         def environment(self) -> typing.Any:
             '''The environment variables to set in the Docker container.
 
-            Each key and value in the ``Environment`` string to string map can have length of up to 1024. We support up to 16 entries in the map.
+            The maximum length of each key and value in the ``Environment`` map is 1024 bytes. The maximum length of all keys and values in the map, combined, is 32 KB. If you pass multiple containers to a ``CreateModel`` request, then the maximum length of all of their maps, combined, is also 32 KB.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-model-containerdefinition.html#cfn-sagemaker-model-containerdefinition-environment
             '''

aws_cdk/aws_ssm/__init__.py

@@ -5171,7 +5171,7 @@ class CfnPatchBaseline(
         :param operating_system: Defines the operating system the patch baseline applies to. The default value is ``WINDOWS`` . Default: - "WINDOWS"
         :param patch_groups: The name of the patch group to be registered with the patch baseline.
         :param rejected_patches: A list of explicitly rejected patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `About package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
-        :param rejected_patches_action: The action for Patch Manager to take on patches included in the ``RejectedPackages`` list. - *``ALLOW_AS_DEPENDENCY``* : A package in the ``Rejected`` patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as ``InstalledOther`` . This is the default action if no option is specified. - *``BLOCK``* : Packages in the ``RejectedPatches`` list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as ``InstalledRejected`` . Default: - "ALLOW_AS_DEPENDENCY"
+        :param rejected_patches_action: The action for Patch Manager to take on patches included in the ``RejectedPackages`` list. - *``ALLOW_AS_DEPENDENCY``* : A package in the ``Rejected`` patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as ``InstalledOther`` . This is the default action if no option is specified. - *BLOCK* : Packages in the *Rejected patches* list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances. If a package was installed before it was added to the *Rejected patches* list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as *InstalledRejected* . Default: - "ALLOW_AS_DEPENDENCY"
         :param sources: Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.
         :param tags: Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to.
         '''
@@ -5977,7 +5977,7 @@ class CfnPatchBaselineProps:
         :param operating_system: Defines the operating system the patch baseline applies to. The default value is ``WINDOWS`` . Default: - "WINDOWS"
         :param patch_groups: The name of the patch group to be registered with the patch baseline.
         :param rejected_patches: A list of explicitly rejected patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `About package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
-        :param rejected_patches_action: The action for Patch Manager to take on patches included in the ``RejectedPackages`` list. - *``ALLOW_AS_DEPENDENCY``* : A package in the ``Rejected`` patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as ``InstalledOther`` . This is the default action if no option is specified. - *``BLOCK``* : Packages in the ``RejectedPatches`` list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as ``InstalledRejected`` . Default: - "ALLOW_AS_DEPENDENCY"
+        :param rejected_patches_action: The action for Patch Manager to take on patches included in the ``RejectedPackages`` list. - *``ALLOW_AS_DEPENDENCY``* : A package in the ``Rejected`` patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as ``InstalledOther`` . This is the default action if no option is specified. - *BLOCK* : Packages in the *Rejected patches* list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances. If a package was installed before it was added to the *Rejected patches* list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as *InstalledRejected* . Default: - "ALLOW_AS_DEPENDENCY"
         :param sources: Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.
         :param tags: Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to.
 
@@ -6213,7 +6213,7 @@ class CfnPatchBaselineProps:
         '''The action for Patch Manager to take on patches included in the ``RejectedPackages`` list.
 
         - *``ALLOW_AS_DEPENDENCY``* : A package in the ``Rejected`` patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as ``InstalledOther`` . This is the default action if no option is specified.
-        - *``BLOCK``* : Packages in the ``RejectedPatches`` list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as ``InstalledRejected`` .
+        - *BLOCK* : Packages in the *Rejected patches* list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances. If a package was installed before it was added to the *Rejected patches* list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as *InstalledRejected* .
 
         :default: - "ALLOW_AS_DEPENDENCY"