aws-cdk-lib 2.133.0__py3-none-any.whl → 2.135.0__py3-none-any.whl

aws_cdk/aws_dynamodb/__init__.py

@@ -861,6 +861,9 @@ dynamodb.Table(stack, "Table",
 )
 ```
 '''
+from pkgutil import extend_path
+__path__ = extend_path(__path__, __name__)
+
 import abc
 import builtins
 import datetime
@@ -1372,6 +1375,8 @@ class CfnGlobalTable(
         # The values are placeholders you should change.
         from aws_cdk import aws_dynamodb as dynamodb
         
+        # policy_document: Any
+        
         cfn_global_table = dynamodb.CfnGlobalTable(self, "MyCfnGlobalTable",
             attribute_definitions=[dynamodb.CfnGlobalTable.AttributeDefinitionProperty(
                 attribute_name="attributeName",
@@ -1442,6 +1447,14 @@ class CfnGlobalTable(
                     ),
                     read_capacity_units=123
                 ),
+                replica_stream_specification=dynamodb.CfnGlobalTable.ReplicaStreamSpecificationProperty(
+                    resource_policy=dynamodb.CfnGlobalTable.ResourcePolicyProperty(
+                        policy_document=policy_document
+                    )
+                ),
+                resource_policy=dynamodb.CfnGlobalTable.ResourcePolicyProperty(
+                    policy_document=policy_document
+                ),
                 sse_specification=dynamodb.CfnGlobalTable.ReplicaSSESpecificationProperty(
                     kms_master_key_id="kmsMasterKeyId"
                 ),
@@ -2942,6 +2955,8 @@ class CfnGlobalTable(
             "kinesis_stream_specification": "kinesisStreamSpecification",
             "point_in_time_recovery_specification": "pointInTimeRecoverySpecification",
             "read_provisioned_throughput_settings": "readProvisionedThroughputSettings",
+            "replica_stream_specification": "replicaStreamSpecification",
+            "resource_policy": "resourcePolicy",
             "sse_specification": "sseSpecification",
             "table_class": "tableClass",
             "tags": "tags",
@@ -2958,6 +2973,8 @@ class CfnGlobalTable(
             kinesis_stream_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnGlobalTable.KinesisStreamSpecificationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             point_in_time_recovery_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnGlobalTable.PointInTimeRecoverySpecificationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             read_provisioned_throughput_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnGlobalTable.ReadProvisionedThroughputSettingsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+            replica_stream_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnGlobalTable.ReplicaStreamSpecificationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+            resource_policy: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnGlobalTable.ResourcePolicyProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             sse_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnGlobalTable.ReplicaSSESpecificationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             table_class: typing.Optional[builtins.str] = None,
             tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -2971,6 +2988,8 @@ class CfnGlobalTable(
             :param kinesis_stream_specification: Defines the Kinesis Data Streams configuration for the specified replica.
             :param point_in_time_recovery_specification: The settings used to enable point in time recovery. When not specified, defaults to point in time recovery disabled for the replica.
             :param read_provisioned_throughput_settings: Defines read capacity settings for the replica table.
+            :param replica_stream_specification: Represents the DynamoDB Streams configuration for a global table replica.
+            :param resource_policy: A resource-based policy document that contains permissions to add to the specified replica of a DynamoDB global table. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ .
             :param sse_specification: Allows you to specify a customer-managed key for the replica. When using customer-managed keys for server-side encryption, this property must have a value in all replicas.
             :param table_class: The table class of the specified table. Valid values are ``STANDARD`` and ``STANDARD_INFREQUENT_ACCESS`` .
             :param tags: An array of key-value pairs to apply to this replica. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
@@ -2984,6 +3003,8 @@ class CfnGlobalTable(
                 # The values are placeholders you should change.
                 from aws_cdk import aws_dynamodb as dynamodb
                 
+                # policy_document: Any
+                
                 replica_specification_property = dynamodb.CfnGlobalTable.ReplicaSpecificationProperty(
                     region="region",
                 
@@ -3045,6 +3066,14 @@ class CfnGlobalTable(
                         ),
                         read_capacity_units=123
                     ),
+                    replica_stream_specification=dynamodb.CfnGlobalTable.ReplicaStreamSpecificationProperty(
+                        resource_policy=dynamodb.CfnGlobalTable.ResourcePolicyProperty(
+                            policy_document=policy_document
+                        )
+                    ),
+                    resource_policy=dynamodb.CfnGlobalTable.ResourcePolicyProperty(
+                        policy_document=policy_document
+                    ),
                     sse_specification=dynamodb.CfnGlobalTable.ReplicaSSESpecificationProperty(
                         kms_master_key_id="kmsMasterKeyId"
                     ),
@@ -3064,6 +3093,8 @@ class CfnGlobalTable(
                 check_type(argname="argument kinesis_stream_specification", value=kinesis_stream_specification, expected_type=type_hints["kinesis_stream_specification"])
                 check_type(argname="argument point_in_time_recovery_specification", value=point_in_time_recovery_specification, expected_type=type_hints["point_in_time_recovery_specification"])
                 check_type(argname="argument read_provisioned_throughput_settings", value=read_provisioned_throughput_settings, expected_type=type_hints["read_provisioned_throughput_settings"])
+                check_type(argname="argument replica_stream_specification", value=replica_stream_specification, expected_type=type_hints["replica_stream_specification"])
+                check_type(argname="argument resource_policy", value=resource_policy, expected_type=type_hints["resource_policy"])
                 check_type(argname="argument sse_specification", value=sse_specification, expected_type=type_hints["sse_specification"])
                 check_type(argname="argument table_class", value=table_class, expected_type=type_hints["table_class"])
                 check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
@@ -3082,6 +3113,10 @@ class CfnGlobalTable(
                 self._values["point_in_time_recovery_specification"] = point_in_time_recovery_specification
             if read_provisioned_throughput_settings is not None:
                 self._values["read_provisioned_throughput_settings"] = read_provisioned_throughput_settings
+            if replica_stream_specification is not None:
+                self._values["replica_stream_specification"] = replica_stream_specification
+            if resource_policy is not None:
+                self._values["resource_policy"] = resource_policy
             if sse_specification is not None:
                 self._values["sse_specification"] = sse_specification
             if table_class is not None:
@@ -3171,6 +3206,32 @@ class CfnGlobalTable(
             result = self._values.get("read_provisioned_throughput_settings")
             return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGlobalTable.ReadProvisionedThroughputSettingsProperty"]], result)
 
+        @builtins.property
+        def replica_stream_specification(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGlobalTable.ReplicaStreamSpecificationProperty"]]:
+            '''Represents the DynamoDB Streams configuration for a global table replica.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-globaltable-replicaspecification.html#cfn-dynamodb-globaltable-replicaspecification-replicastreamspecification
+            '''
+            result = self._values.get("replica_stream_specification")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGlobalTable.ReplicaStreamSpecificationProperty"]], result)
+
+        @builtins.property
+        def resource_policy(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGlobalTable.ResourcePolicyProperty"]]:
+            '''A resource-based policy document that contains permissions to add to the specified replica of a DynamoDB global table.
+
+            Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource.
+
+            In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-globaltable-replicaspecification.html#cfn-dynamodb-globaltable-replicaspecification-resourcepolicy
+            '''
+            result = self._values.get("resource_policy")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGlobalTable.ResourcePolicyProperty"]], result)
+
         @builtins.property
         def sse_specification(
             self,
@@ -3217,6 +3278,149 @@ class CfnGlobalTable(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_dynamodb.CfnGlobalTable.ReplicaStreamSpecificationProperty",
+        jsii_struct_bases=[],
+        name_mapping={"resource_policy": "resourcePolicy"},
+    )
+    class ReplicaStreamSpecificationProperty:
+        def __init__(
+            self,
+            *,
+            resource_policy: typing.Union[_IResolvable_da3f097b, typing.Union["CfnGlobalTable.ResourcePolicyProperty", typing.Dict[builtins.str, typing.Any]]],
+        ) -> None:
+            '''Represents the DynamoDB Streams configuration for a global table replica.
+
+            :param resource_policy: A resource-based policy document that contains the permissions for the specified stream of a DynamoDB global table replica. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ . You can update the ``ResourcePolicy`` property if you've specified more than one table using the `AWS ::DynamoDB::GlobalTable <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-globaltable.html>`_ resource.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-globaltable-replicastreamspecification.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_dynamodb as dynamodb
+                
+                # policy_document: Any
+                
+                replica_stream_specification_property = dynamodb.CfnGlobalTable.ReplicaStreamSpecificationProperty(
+                    resource_policy=dynamodb.CfnGlobalTable.ResourcePolicyProperty(
+                        policy_document=policy_document
+                    )
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__00848a241dcb74d0918fbddda5f7ccf1c445a7b63583f8697e2d95d334aa1bed)
+                check_type(argname="argument resource_policy", value=resource_policy, expected_type=type_hints["resource_policy"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "resource_policy": resource_policy,
+            }
+
+        @builtins.property
+        def resource_policy(
+            self,
+        ) -> typing.Union[_IResolvable_da3f097b, "CfnGlobalTable.ResourcePolicyProperty"]:
+            '''A resource-based policy document that contains the permissions for the specified stream of a DynamoDB global table replica.
+
+            Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource.
+
+            In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ .
+
+            You can update the ``ResourcePolicy`` property if you've specified more than one table using the `AWS ::DynamoDB::GlobalTable <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-globaltable.html>`_ resource.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-globaltable-replicastreamspecification.html#cfn-dynamodb-globaltable-replicastreamspecification-resourcepolicy
+            '''
+            result = self._values.get("resource_policy")
+            assert result is not None, "Required property 'resource_policy' is missing"
+            return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnGlobalTable.ResourcePolicyProperty"], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "ReplicaStreamSpecificationProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_dynamodb.CfnGlobalTable.ResourcePolicyProperty",
+        jsii_struct_bases=[],
+        name_mapping={"policy_document": "policyDocument"},
+    )
+    class ResourcePolicyProperty:
+        def __init__(self, *, policy_document: typing.Any) -> None:
+            '''Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table, its indexes, and stream.
+
+            Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource.
+
+            In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ .
+
+            While defining resource-based policies in your CloudFormation templates, the following considerations apply:
+
+            - The maximum size supported for a resource-based policy document in JSON format is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit.
+            - Resource-based policies don't support `drift detection <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html#>`_ . If you update a policy outside of the CloudFormation stack template, you'll need to update the CloudFormation stack with the changes.
+            - Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CloudFormation template, the change won't be overwritten if there are no changes to the policy within the template.
+
+            For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DynamoDB won’t be synced with the policy in the template.
+
+            Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DynamoDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DynamoDB will be updated to match the one defined in the template.
+
+            - Within a resource-based policy, if the action for a DynamoDB service-linked role (SLR) to replicate data for a global table is denied, adding or deleting a replica will fail with an error.
+            - The `AWS ::DynamoDB::GlobalTable <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-globaltable.html>`_ resource doesn't support creating a replica in the same stack update in Regions other than the Region where you deploy the stack update.
+
+            For a full list of all considerations, see `Resource-based policy considerations <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html>`_ .
+
+            :param policy_document: A resource-based policy document that contains permissions to add to the specified DynamoDB table, its indexes, and stream. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-globaltable-resourcepolicy.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_dynamodb as dynamodb
+                
+                # policy_document: Any
+                
+                resource_policy_property = dynamodb.CfnGlobalTable.ResourcePolicyProperty(
+                    policy_document=policy_document
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__6007e745281a1817381b3cb8f148da677e9fde77893fbd60db054cb3b85f34db)
+                check_type(argname="argument policy_document", value=policy_document, expected_type=type_hints["policy_document"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "policy_document": policy_document,
+            }
+
+        @builtins.property
+        def policy_document(self) -> typing.Any:
+            '''A resource-based policy document that contains permissions to add to the specified DynamoDB table, its indexes, and stream.
+
+            In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-globaltable-resourcepolicy.html#cfn-dynamodb-globaltable-resourcepolicy-policydocument
+            '''
+            result = self._values.get("policy_document")
+            assert result is not None, "Required property 'policy_document' is missing"
+            return typing.cast(typing.Any, result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "ResourcePolicyProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_dynamodb.CfnGlobalTable.SSESpecificationProperty",
         jsii_struct_bases=[],
@@ -3676,6 +3880,8 @@ class CfnGlobalTableProps:
             # The values are placeholders you should change.
             from aws_cdk import aws_dynamodb as dynamodb
             
+            # policy_document: Any
+            
             cfn_global_table_props = dynamodb.CfnGlobalTableProps(
                 attribute_definitions=[dynamodb.CfnGlobalTable.AttributeDefinitionProperty(
                     attribute_name="attributeName",
@@ -3746,6 +3952,14 @@ class CfnGlobalTableProps:
                         ),
                         read_capacity_units=123
                     ),
+                    replica_stream_specification=dynamodb.CfnGlobalTable.ReplicaStreamSpecificationProperty(
+                        resource_policy=dynamodb.CfnGlobalTable.ResourcePolicyProperty(
+                            policy_document=policy_document
+                        )
+                    ),
+                    resource_policy=dynamodb.CfnGlobalTable.ResourcePolicyProperty(
+                        policy_document=policy_document
+                    ),
                     sse_specification=dynamodb.CfnGlobalTable.ReplicaSSESpecificationProperty(
                         kms_master_key_id="kmsMasterKeyId"
                     ),
@@ -4062,6 +4276,8 @@ class CfnTable(
         # The values are placeholders you should change.
         from aws_cdk import aws_dynamodb as dynamodb
         
+        # policy_document: Any
+        
         cfn_table = dynamodb.CfnTable(self, "MyCfnTable",
             key_schema=[dynamodb.CfnTable.KeySchemaProperty(
                 attribute_name="attributeName",
@@ -4141,6 +4357,9 @@ class CfnTable(
                 read_capacity_units=123,
                 write_capacity_units=123
             ),
+            resource_policy=dynamodb.CfnTable.ResourcePolicyProperty(
+                policy_document=policy_document
+            ),
             sse_specification=dynamodb.CfnTable.SSESpecificationProperty(
                 sse_enabled=False,
         
@@ -4149,7 +4368,12 @@ class CfnTable(
                 sse_type="sseType"
             ),
             stream_specification=dynamodb.CfnTable.StreamSpecificationProperty(
-                stream_view_type="streamViewType"
+                stream_view_type="streamViewType",
+        
+                # the properties below are optional
+                resource_policy=dynamodb.CfnTable.ResourcePolicyProperty(
+                    policy_document=policy_document
+                )
             ),
             table_class="tableClass",
             table_name="tableName",
@@ -4182,6 +4406,7 @@ class CfnTable(
         local_secondary_indexes: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTable.LocalSecondaryIndexProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
         point_in_time_recovery_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTable.PointInTimeRecoverySpecificationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         provisioned_throughput: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTable.ProvisionedThroughputProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+        resource_policy: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTable.ResourcePolicyProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         sse_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTable.SSESpecificationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         stream_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTable.StreamSpecificationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         table_class: typing.Optional[builtins.str] = None,
@@ -4203,6 +4428,7 @@ class CfnTable(
         :param local_secondary_indexes: Local secondary indexes to be created on the table. You can create up to 5 local secondary indexes. Each index is scoped to a given hash key value. The size of each hash key can be up to 10 gigabytes.
         :param point_in_time_recovery_specification: The settings used to enable point in time recovery.
         :param provisioned_throughput: Throughput for the specified table, which consists of values for ``ReadCapacityUnits`` and ``WriteCapacityUnits`` . For more information about the contents of a provisioned throughput structure, see `Amazon DynamoDB Table ProvisionedThroughput <https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ProvisionedThroughput.html>`_ . If you set ``BillingMode`` as ``PROVISIONED`` , you must specify this property. If you set ``BillingMode`` as ``PAY_PER_REQUEST`` , you cannot specify this property.
+        :param resource_policy: A resource-based policy document that contains permissions to add to the specified table. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ . When you attach a resource-based policy while creating a table, the policy creation is *strongly consistent* . For information about the considerations that you should keep in mind while attaching a resource-based policy, see `Resource-based policy considerations <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html>`_ .
         :param sse_specification: Specifies the settings to enable server-side encryption.
         :param stream_specification: The settings for the DynamoDB table stream, which capture changes to items stored in the table.
         :param table_class: The table class of the new table. Valid values are ``STANDARD`` and ``STANDARD_INFREQUENT_ACCESS`` .
@@ -4226,6 +4452,7 @@ class CfnTable(
             local_secondary_indexes=local_secondary_indexes,
             point_in_time_recovery_specification=point_in_time_recovery_specification,
             provisioned_throughput=provisioned_throughput,
+            resource_policy=resource_policy,
             sse_specification=sse_specification,
             stream_specification=stream_specification,
             table_class=table_class,
@@ -4495,6 +4722,24 @@ class CfnTable(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "provisionedThroughput", value)
 
+    @builtins.property
+    @jsii.member(jsii_name="resourcePolicy")
+    def resource_policy(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnTable.ResourcePolicyProperty"]]:
+        '''A resource-based policy document that contains permissions to add to the specified table.'''
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnTable.ResourcePolicyProperty"]], jsii.get(self, "resourcePolicy"))
+
+    @resource_policy.setter
+    def resource_policy(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnTable.ResourcePolicyProperty"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__4166d9b0a925b24598927de15ecb1935d22d14f9a49469ba893db8d18421bf02)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "resourcePolicy", value)
+
     @builtins.property
     @jsii.member(jsii_name="sseSpecification")
     def sse_specification(
@@ -5640,6 +5885,78 @@ class CfnTable(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_dynamodb.CfnTable.ResourcePolicyProperty",
+        jsii_struct_bases=[],
+        name_mapping={"policy_document": "policyDocument"},
+    )
+    class ResourcePolicyProperty:
+        def __init__(self, *, policy_document: typing.Any) -> None:
+            '''Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table, its indexes, and stream.
+
+            Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource.
+
+            In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ .
+
+            While defining resource-based policies in your CloudFormation templates, the following considerations apply:
+
+            - The maximum size supported for a resource-based policy document in JSON format is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit.
+            - Resource-based policies don't support `drift detection <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html#>`_ . If you update a policy outside of the CloudFormation stack template, you'll need to update the CloudFormation stack with the changes.
+            - Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CloudFormation template, the change won't be overwritten if there are no changes to the policy within the template.
+
+            For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DynamoDB won’t be synced with the policy in the template.
+
+            Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DynamoDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DynamoDB will be updated to match the one defined in the template.
+
+            For a full list of all considerations, see `Resource-based policy considerations <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html>`_ .
+
+            :param policy_document: A resource-based policy document that contains permissions to add to the specified DynamoDB table, index, or both. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-resourcepolicy.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_dynamodb as dynamodb
+                
+                # policy_document: Any
+                
+                resource_policy_property = dynamodb.CfnTable.ResourcePolicyProperty(
+                    policy_document=policy_document
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__64c1cb1f4d183fca5b703f524bc57bfa5f9515fd97acd86171b92226b4e11ca3)
+                check_type(argname="argument policy_document", value=policy_document, expected_type=type_hints["policy_document"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "policy_document": policy_document,
+            }
+
+        @builtins.property
+        def policy_document(self) -> typing.Any:
+            '''A resource-based policy document that contains permissions to add to the specified DynamoDB table, index, or both.
+
+            In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-resourcepolicy.html#cfn-dynamodb-table-resourcepolicy-policydocument
+            '''
+            result = self._values.get("policy_document")
+            assert result is not None, "Required property 'policy_document' is missing"
+            return typing.cast(typing.Any, result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "ResourcePolicyProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_dynamodb.CfnTable.S3BucketSourceProperty",
         jsii_struct_bases=[],
@@ -5835,13 +6152,22 @@ class CfnTable(
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_dynamodb.CfnTable.StreamSpecificationProperty",
         jsii_struct_bases=[],
-        name_mapping={"stream_view_type": "streamViewType"},
+        name_mapping={
+            "stream_view_type": "streamViewType",
+            "resource_policy": "resourcePolicy",
+        },
     )
     class StreamSpecificationProperty:
-        def __init__(self, *, stream_view_type: builtins.str) -> None:
+        def __init__(
+            self,
+            *,
+            stream_view_type: builtins.str,
+            resource_policy: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTable.ResourcePolicyProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+        ) -> None:
             '''Represents the DynamoDB Streams configuration for a table in DynamoDB.
 
             :param stream_view_type: When an item in the table is modified, ``StreamViewType`` determines what information is written to the stream for this table. Valid values for ``StreamViewType`` are: - ``KEYS_ONLY`` - Only the key attributes of the modified item are written to the stream. - ``NEW_IMAGE`` - The entire item, as it appears after it was modified, is written to the stream. - ``OLD_IMAGE`` - The entire item, as it appeared before it was modified, is written to the stream. - ``NEW_AND_OLD_IMAGES`` - Both the new and the old item images of the item are written to the stream.
+            :param resource_policy: Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table's streams. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-streamspecification.html
             :exampleMetadata: fixture=_generated
@@ -5852,16 +6178,26 @@ class CfnTable(
                 # The values are placeholders you should change.
                 from aws_cdk import aws_dynamodb as dynamodb
                 
+                # policy_document: Any
+                
                 stream_specification_property = dynamodb.CfnTable.StreamSpecificationProperty(
-                    stream_view_type="streamViewType"
+                    stream_view_type="streamViewType",
+                
+                    # the properties below are optional
+                    resource_policy=dynamodb.CfnTable.ResourcePolicyProperty(
+                        policy_document=policy_document
+                    )
                 )
             '''
             if __debug__:
                 type_hints = typing.get_type_hints(_typecheckingstub__3099d6d2aee077548b7bec617449da8355169637f0983749d3191a63e00a1c72)
                 check_type(argname="argument stream_view_type", value=stream_view_type, expected_type=type_hints["stream_view_type"])
+                check_type(argname="argument resource_policy", value=resource_policy, expected_type=type_hints["resource_policy"])
             self._values: typing.Dict[builtins.str, typing.Any] = {
                 "stream_view_type": stream_view_type,
             }
+            if resource_policy is not None:
+                self._values["resource_policy"] = resource_policy
 
         @builtins.property
         def stream_view_type(self) -> builtins.str:
@@ -5880,6 +6216,21 @@ class CfnTable(
             assert result is not None, "Required property 'stream_view_type' is missing"
             return typing.cast(builtins.str, result)
 
+        @builtins.property
+        def resource_policy(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnTable.ResourcePolicyProperty"]]:
+            '''Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table's streams.
+
+            Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource.
+
+            In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-streamspecification.html#cfn-dynamodb-table-streamspecification-resourcepolicy
+            '''
+            result = self._values.get("resource_policy")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnTable.ResourcePolicyProperty"]], result)
+
         def __eq__(self, rhs: typing.Any) -> builtins.bool:
             return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -5985,6 +6336,7 @@ class CfnTable(
         "local_secondary_indexes": "localSecondaryIndexes",
         "point_in_time_recovery_specification": "pointInTimeRecoverySpecification",
         "provisioned_throughput": "provisionedThroughput",
+        "resource_policy": "resourcePolicy",
         "sse_specification": "sseSpecification",
         "stream_specification": "streamSpecification",
         "table_class": "tableClass",
@@ -6008,6 +6360,7 @@ class CfnTableProps:
         local_secondary_indexes: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.LocalSecondaryIndexProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
         point_in_time_recovery_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.PointInTimeRecoverySpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         provisioned_throughput: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.ProvisionedThroughputProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+        resource_policy: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.ResourcePolicyProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         sse_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.SSESpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         stream_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.StreamSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         table_class: typing.Optional[builtins.str] = None,
@@ -6028,6 +6381,7 @@ class CfnTableProps:
         :param local_secondary_indexes: Local secondary indexes to be created on the table. You can create up to 5 local secondary indexes. Each index is scoped to a given hash key value. The size of each hash key can be up to 10 gigabytes.
         :param point_in_time_recovery_specification: The settings used to enable point in time recovery.
         :param provisioned_throughput: Throughput for the specified table, which consists of values for ``ReadCapacityUnits`` and ``WriteCapacityUnits`` . For more information about the contents of a provisioned throughput structure, see `Amazon DynamoDB Table ProvisionedThroughput <https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ProvisionedThroughput.html>`_ . If you set ``BillingMode`` as ``PROVISIONED`` , you must specify this property. If you set ``BillingMode`` as ``PAY_PER_REQUEST`` , you cannot specify this property.
+        :param resource_policy: A resource-based policy document that contains permissions to add to the specified table. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ . When you attach a resource-based policy while creating a table, the policy creation is *strongly consistent* . For information about the considerations that you should keep in mind while attaching a resource-based policy, see `Resource-based policy considerations <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html>`_ .
         :param sse_specification: Specifies the settings to enable server-side encryption.
         :param stream_specification: The settings for the DynamoDB table stream, which capture changes to items stored in the table.
         :param table_class: The table class of the new table. Valid values are ``STANDARD`` and ``STANDARD_INFREQUENT_ACCESS`` .
@@ -6044,6 +6398,8 @@ class CfnTableProps:
             # The values are placeholders you should change.
             from aws_cdk import aws_dynamodb as dynamodb
             
+            # policy_document: Any
+            
             cfn_table_props = dynamodb.CfnTableProps(
                 key_schema=[dynamodb.CfnTable.KeySchemaProperty(
                     attribute_name="attributeName",
@@ -6123,6 +6479,9 @@ class CfnTableProps:
                     read_capacity_units=123,
                     write_capacity_units=123
                 ),
+                resource_policy=dynamodb.CfnTable.ResourcePolicyProperty(
+                    policy_document=policy_document
+                ),
                 sse_specification=dynamodb.CfnTable.SSESpecificationProperty(
                     sse_enabled=False,
             
@@ -6131,7 +6490,12 @@ class CfnTableProps:
                     sse_type="sseType"
                 ),
                 stream_specification=dynamodb.CfnTable.StreamSpecificationProperty(
-                    stream_view_type="streamViewType"
+                    stream_view_type="streamViewType",
+            
+                    # the properties below are optional
+                    resource_policy=dynamodb.CfnTable.ResourcePolicyProperty(
+                        policy_document=policy_document
+                    )
                 ),
                 table_class="tableClass",
                 table_name="tableName",
@@ -6160,6 +6524,7 @@ class CfnTableProps:
             check_type(argname="argument local_secondary_indexes", value=local_secondary_indexes, expected_type=type_hints["local_secondary_indexes"])
             check_type(argname="argument point_in_time_recovery_specification", value=point_in_time_recovery_specification, expected_type=type_hints["point_in_time_recovery_specification"])
             check_type(argname="argument provisioned_throughput", value=provisioned_throughput, expected_type=type_hints["provisioned_throughput"])
+            check_type(argname="argument resource_policy", value=resource_policy, expected_type=type_hints["resource_policy"])
             check_type(argname="argument sse_specification", value=sse_specification, expected_type=type_hints["sse_specification"])
             check_type(argname="argument stream_specification", value=stream_specification, expected_type=type_hints["stream_specification"])
             check_type(argname="argument table_class", value=table_class, expected_type=type_hints["table_class"])
@@ -6189,6 +6554,8 @@ class CfnTableProps:
             self._values["point_in_time_recovery_specification"] = point_in_time_recovery_specification
         if provisioned_throughput is not None:
             self._values["provisioned_throughput"] = provisioned_throughput
+        if resource_policy is not None:
+            self._values["resource_policy"] = resource_policy
         if sse_specification is not None:
             self._values["sse_specification"] = sse_specification
         if stream_specification is not None:
@@ -6358,6 +6725,21 @@ class CfnTableProps:
         result = self._values.get("provisioned_throughput")
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnTable.ProvisionedThroughputProperty]], result)
 
+    @builtins.property
+    def resource_policy(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnTable.ResourcePolicyProperty]]:
+        '''A resource-based policy document that contains permissions to add to the specified table.
+
+        In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see `Using resource-based policies for DynamoDB <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html>`_ and `Resource-based policy examples <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html>`_ .
+
+        When you attach a resource-based policy while creating a table, the policy creation is *strongly consistent* . For information about the considerations that you should keep in mind while attaching a resource-based policy, see `Resource-based policy considerations <https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html>`_ .
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html#cfn-dynamodb-table-resourcepolicy
+        '''
+        result = self._values.get("resource_policy")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnTable.ResourcePolicyProperty]], result)
+
     @builtins.property
     def sse_specification(
         self,
@@ -13821,6 +14203,8 @@ def _typecheckingstub__912e2bc047b1f65121a39316718e5632909682a5243ef8e21ead42e3e
     kinesis_stream_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnGlobalTable.KinesisStreamSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     point_in_time_recovery_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnGlobalTable.PointInTimeRecoverySpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     read_provisioned_throughput_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnGlobalTable.ReadProvisionedThroughputSettingsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    replica_stream_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnGlobalTable.ReplicaStreamSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    resource_policy: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnGlobalTable.ResourcePolicyProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     sse_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnGlobalTable.ReplicaSSESpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     table_class: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -13828,6 +14212,20 @@ def _typecheckingstub__912e2bc047b1f65121a39316718e5632909682a5243ef8e21ead42e3e
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__00848a241dcb74d0918fbddda5f7ccf1c445a7b63583f8697e2d95d334aa1bed(
+    *,
+    resource_policy: typing.Union[_IResolvable_da3f097b, typing.Union[CfnGlobalTable.ResourcePolicyProperty, typing.Dict[builtins.str, typing.Any]]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__6007e745281a1817381b3cb8f148da677e9fde77893fbd60db054cb3b85f34db(
+    *,
+    policy_document: typing.Any,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__ea2cb67b1629904043fec37c484f260e58078624f7b496fe52fc2201d365e1c8(
     *,
     sse_enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
@@ -13900,6 +14298,7 @@ def _typecheckingstub__9c4a83992df200bfde2ccfe129994eeacab105432a2509473861feb73
     local_secondary_indexes: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.LocalSecondaryIndexProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     point_in_time_recovery_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.PointInTimeRecoverySpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     provisioned_throughput: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.ProvisionedThroughputProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    resource_policy: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.ResourcePolicyProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     sse_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.SSESpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     stream_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.StreamSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     table_class: typing.Optional[builtins.str] = None,
@@ -13988,6 +14387,12 @@ def _typecheckingstub__6fa8ca064a9e23781245ca2f3d32d36a2324726abba76565a2e12ac5e
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__4166d9b0a925b24598927de15ecb1935d22d14f9a49469ba893db8d18421bf02(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnTable.ResourcePolicyProperty]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__bc5e50032964d91e0cf5ec36aba75b6ae325bfe6129ad9f55764353e645b28c6(
     value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnTable.SSESpecificationProperty]],
 ) -> None:
@@ -14123,6 +14528,13 @@ def _typecheckingstub__2c605785147b4a82f1aad9bc135fb470b73358c151d323493ae3f1cde
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__64c1cb1f4d183fca5b703f524bc57bfa5f9515fd97acd86171b92226b4e11ca3(
+    *,
+    policy_document: typing.Any,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__f675acfe91cced819ac46665a50bf155c45e71e78313e471666e0e9d708883e2(
     *,
     s3_bucket: builtins.str,
@@ -14144,6 +14556,7 @@ def _typecheckingstub__23b0abf52d7df3f9a3b741c39275e55783b349db0f08ac16d13c3d832
 def _typecheckingstub__3099d6d2aee077548b7bec617449da8355169637f0983749d3191a63e00a1c72(
     *,
     stream_view_type: builtins.str,
+    resource_policy: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.ResourcePolicyProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -14169,6 +14582,7 @@ def _typecheckingstub__0b7f8e29621d526383ce725f2daafbe00b52cfe2381995edac86b72a6
     local_secondary_indexes: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.LocalSecondaryIndexProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     point_in_time_recovery_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.PointInTimeRecoverySpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     provisioned_throughput: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.ProvisionedThroughputProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    resource_policy: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.ResourcePolicyProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     sse_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.SSESpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     stream_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTable.StreamSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     table_class: typing.Optional[builtins.str] = None,