aws-cdk-lib 2.136.1__py3-none-any.whl → 2.138.0__py3-none-any.whl

aws_cdk/aws_globalaccelerator/__init__.py

@@ -220,6 +220,7 @@ from .. import (
     IResolvable as _IResolvable_da3f097b,
     IResource as _IResource_c80c4260,
     ITaggable as _ITaggable_36806126,
+    ITaggableV2 as _ITaggableV2_4e6798f8,
     Resource as _Resource_45bc6135,
     TagManager as _TagManager_0a598cb3,
     TreeInspector as _TreeInspector_488e0dd5,
@@ -840,6 +841,380 @@ class CfnAcceleratorProps:
         )
 
 
+@jsii.implements(_IInspectable_c2943556, _ITaggableV2_4e6798f8)
+class CfnCrossAccountAttachment(
+    _CfnResource_9df397a6,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_globalaccelerator.CfnCrossAccountAttachment",
+):
+    '''Create a cross-account attachment in AWS Global Accelerator .
+
+    You create a cross-account attachment to specify the *principals* who have permission to work with *resources* in accelerators in their own account. You specify, in the same attachment, the resources that are shared.
+
+    A principal can be an AWS account number or the Amazon Resource Name (ARN) for an accelerator. For account numbers that are listed as principals, to work with a resource listed in the attachment, you must sign in to an account specified as a principal. Then, you can work with resources that are listed, with any of your accelerators. If an accelerator ARN is listed in the cross-account attachment as a principal, anyone with permission to make updates to the accelerator can work with resources that are listed in the attachment.
+
+    Specify each principal and resource separately. To specify two CIDR address pools, list them individually under ``Resources`` , and so on. For a command line operation, for example, you might use a statement like the following:
+
+    ``"Resources": [{"Cidr": "169.254.60.0/24"},{"Cidr": "169.254.59.0/24"}]``
+
+    For more information, see `Working with cross-account attachments and resources in AWS Global Accelerator <https://docs.aws.amazon.com/global-accelerator/latest/dg/cross-account-resources.html>`_ in the *AWS Global Accelerator Developer Guide* .
+
+    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-globalaccelerator-crossaccountattachment.html
+    :cloudformationResource: AWS::GlobalAccelerator::CrossAccountAttachment
+    :exampleMetadata: fixture=_generated
+
+    Example::
+
+        # The code below shows an example of how to instantiate this type.
+        # The values are placeholders you should change.
+        from aws_cdk import aws_globalaccelerator as globalaccelerator
+        
+        cfn_cross_account_attachment = globalaccelerator.CfnCrossAccountAttachment(self, "MyCfnCrossAccountAttachment",
+            name="name",
+        
+            # the properties below are optional
+            principals=["principals"],
+            resources=[globalaccelerator.CfnCrossAccountAttachment.ResourceProperty(
+                endpoint_id="endpointId",
+        
+                # the properties below are optional
+                region="region"
+            )],
+            tags=[CfnTag(
+                key="key",
+                value="value"
+            )]
+        )
+    '''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        name: builtins.str,
+        principals: typing.Optional[typing.Sequence[builtins.str]] = None,
+        resources: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnCrossAccountAttachment.ResourceProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
+        tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
+    ) -> None:
+        '''
+        :param scope: Scope in which this resource is defined.
+        :param id: Construct identifier for this resource (unique in its scope).
+        :param name: The Friendly identifier of the attachment.
+        :param principals: Principals to share the resources with.
+        :param resources: Resources shared using the attachment.
+        :param tags: 
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__ba1ec3d469e5dcabcf7399e8e8e79a3f5365c953f4994522f2f99f4785e9351d)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = CfnCrossAccountAttachmentProps(
+            name=name, principals=principals, resources=resources, tags=tags
+        )
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+    @jsii.member(jsii_name="inspect")
+    def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
+        '''Examines the CloudFormation resource and discloses attributes.
+
+        :param inspector: tree inspector to collect and process attributes.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__22786fe9cf42aaba90a851e34bed5295d6cb83ef62c09ae6bc29c753ad99c5ff)
+            check_type(argname="argument inspector", value=inspector, expected_type=type_hints["inspector"])
+        return typing.cast(None, jsii.invoke(self, "inspect", [inspector]))
+
+    @jsii.member(jsii_name="renderProperties")
+    def _render_properties(
+        self,
+        props: typing.Mapping[builtins.str, typing.Any],
+    ) -> typing.Mapping[builtins.str, typing.Any]:
+        '''
+        :param props: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__7cd632424889de088176e87245805d03f5bdd773dc61b13fb9b6b0ca8d5801b5)
+            check_type(argname="argument props", value=props, expected_type=type_hints["props"])
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderProperties", [props]))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="CFN_RESOURCE_TYPE_NAME")
+    def CFN_RESOURCE_TYPE_NAME(cls) -> builtins.str:
+        '''The CloudFormation resource type name for this resource class.'''
+        return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrAttachmentArn")
+    def attr_attachment_arn(self) -> builtins.str:
+        '''The Amazon Resource Name (ARN) of the attachment.
+
+        :cloudformationAttribute: AttachmentArn
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrAttachmentArn"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cdkTagManager")
+    def cdk_tag_manager(self) -> _TagManager_0a598cb3:
+        '''Tag Manager which manages the tags for this resource.'''
+        return typing.cast(_TagManager_0a598cb3, jsii.get(self, "cdkTagManager"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cfnProperties")
+    def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
+
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> builtins.str:
+        '''The Friendly identifier of the attachment.'''
+        return typing.cast(builtins.str, jsii.get(self, "name"))
+
+    @name.setter
+    def name(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__19782d3e7f6cd3af16e9e78c249289e2593a7ff1d4e1c7a86db71dc5f399fb46)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "name", value)
+
+    @builtins.property
+    @jsii.member(jsii_name="principals")
+    def principals(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''Principals to share the resources with.'''
+        return typing.cast(typing.Optional[typing.List[builtins.str]], jsii.get(self, "principals"))
+
+    @principals.setter
+    def principals(self, value: typing.Optional[typing.List[builtins.str]]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__08ec8314d2cbd2120a78129320bf34d1678991d2ed2d2b8df5bf723a99a7c254)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "principals", value)
+
+    @builtins.property
+    @jsii.member(jsii_name="resources")
+    def resources(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnCrossAccountAttachment.ResourceProperty"]]]]:
+        '''Resources shared using the attachment.'''
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnCrossAccountAttachment.ResourceProperty"]]]], jsii.get(self, "resources"))
+
+    @resources.setter
+    def resources(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnCrossAccountAttachment.ResourceProperty"]]]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__4e879fec7df8ee76103a0479812b95ae371bbbe6b3312bbaebe1d912c7185fd3)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "resources", value)
+
+    @builtins.property
+    @jsii.member(jsii_name="tags")
+    def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
+        return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tags"))
+
+    @tags.setter
+    def tags(self, value: typing.Optional[typing.List[_CfnTag_f6864754]]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__41d583733963eebabfa0286562bcae1a6871814ce66e72f32e495b730a151c15)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "tags", value)
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_globalaccelerator.CfnCrossAccountAttachment.ResourceProperty",
+        jsii_struct_bases=[],
+        name_mapping={"endpoint_id": "endpointId", "region": "region"},
+    )
+    class ResourceProperty:
+        def __init__(
+            self,
+            *,
+            endpoint_id: builtins.str,
+            region: typing.Optional[builtins.str] = None,
+        ) -> None:
+            '''A resource is one of the following: the ARN for an AWS resource that is supported by AWS Global Accelerator to be added as an endpoint, or a CIDR range that specifies a bring your own IP (BYOIP) address pool.
+
+            :param endpoint_id: The endpoint ID for the endpoint that is specified as a AWS resource. An endpoint ID for the cross-account feature is the ARN of an AWS resource, such as a Network Load Balancer, that Global Accelerator supports as an endpoint for an accelerator.
+            :param region: The AWS Region where a shared endpoint resource is located.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-globalaccelerator-crossaccountattachment-resource.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_globalaccelerator as globalaccelerator
+                
+                resource_property = globalaccelerator.CfnCrossAccountAttachment.ResourceProperty(
+                    endpoint_id="endpointId",
+                
+                    # the properties below are optional
+                    region="region"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__7bd30ea319625d12c404c84e89e35a95437c89cec1dad797148fd3a2c913ddb7)
+                check_type(argname="argument endpoint_id", value=endpoint_id, expected_type=type_hints["endpoint_id"])
+                check_type(argname="argument region", value=region, expected_type=type_hints["region"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "endpoint_id": endpoint_id,
+            }
+            if region is not None:
+                self._values["region"] = region
+
+        @builtins.property
+        def endpoint_id(self) -> builtins.str:
+            '''The endpoint ID for the endpoint that is specified as a AWS resource.
+
+            An endpoint ID for the cross-account feature is the ARN of an AWS resource, such as a Network Load Balancer, that Global Accelerator supports as an endpoint for an accelerator.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-globalaccelerator-crossaccountattachment-resource.html#cfn-globalaccelerator-crossaccountattachment-resource-endpointid
+            '''
+            result = self._values.get("endpoint_id")
+            assert result is not None, "Required property 'endpoint_id' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def region(self) -> typing.Optional[builtins.str]:
+            '''The AWS Region where a shared endpoint resource is located.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-globalaccelerator-crossaccountattachment-resource.html#cfn-globalaccelerator-crossaccountattachment-resource-region
+            '''
+            result = self._values.get("region")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "ResourceProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_globalaccelerator.CfnCrossAccountAttachmentProps",
+    jsii_struct_bases=[],
+    name_mapping={
+        "name": "name",
+        "principals": "principals",
+        "resources": "resources",
+        "tags": "tags",
+    },
+)
+class CfnCrossAccountAttachmentProps:
+    def __init__(
+        self,
+        *,
+        name: builtins.str,
+        principals: typing.Optional[typing.Sequence[builtins.str]] = None,
+        resources: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnCrossAccountAttachment.ResourceProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+        tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
+    ) -> None:
+        '''Properties for defining a ``CfnCrossAccountAttachment``.
+
+        :param name: The Friendly identifier of the attachment.
+        :param principals: Principals to share the resources with.
+        :param resources: Resources shared using the attachment.
+        :param tags: 
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-globalaccelerator-crossaccountattachment.html
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_globalaccelerator as globalaccelerator
+            
+            cfn_cross_account_attachment_props = globalaccelerator.CfnCrossAccountAttachmentProps(
+                name="name",
+            
+                # the properties below are optional
+                principals=["principals"],
+                resources=[globalaccelerator.CfnCrossAccountAttachment.ResourceProperty(
+                    endpoint_id="endpointId",
+            
+                    # the properties below are optional
+                    region="region"
+                )],
+                tags=[CfnTag(
+                    key="key",
+                    value="value"
+                )]
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__8cf43e1c90e824b6fcd56b5cbed6fc8b38a0a663b52303ae4fd2eac734194141)
+            check_type(argname="argument name", value=name, expected_type=type_hints["name"])
+            check_type(argname="argument principals", value=principals, expected_type=type_hints["principals"])
+            check_type(argname="argument resources", value=resources, expected_type=type_hints["resources"])
+            check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "name": name,
+        }
+        if principals is not None:
+            self._values["principals"] = principals
+        if resources is not None:
+            self._values["resources"] = resources
+        if tags is not None:
+            self._values["tags"] = tags
+
+    @builtins.property
+    def name(self) -> builtins.str:
+        '''The Friendly identifier of the attachment.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-globalaccelerator-crossaccountattachment.html#cfn-globalaccelerator-crossaccountattachment-name
+        '''
+        result = self._values.get("name")
+        assert result is not None, "Required property 'name' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def principals(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''Principals to share the resources with.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-globalaccelerator-crossaccountattachment.html#cfn-globalaccelerator-crossaccountattachment-principals
+        '''
+        result = self._values.get("principals")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+    @builtins.property
+    def resources(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnCrossAccountAttachment.ResourceProperty]]]]:
+        '''Resources shared using the attachment.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-globalaccelerator-crossaccountattachment.html#cfn-globalaccelerator-crossaccountattachment-resources
+        '''
+        result = self._values.get("resources")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnCrossAccountAttachment.ResourceProperty]]]], result)
+
+    @builtins.property
+    def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-globalaccelerator-crossaccountattachment.html#cfn-globalaccelerator-crossaccountattachment-tags
+        '''
+        result = self._values.get("tags")
+        return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "CfnCrossAccountAttachmentProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 @jsii.implements(_IInspectable_c2943556)
 class CfnEndpointGroup(
     _CfnResource_9df397a6,
@@ -3756,6 +4131,8 @@ __all__ = [
     "AcceleratorProps",
     "CfnAccelerator",
     "CfnAcceleratorProps",
+    "CfnCrossAccountAttachment",
+    "CfnCrossAccountAttachmentProps",
     "CfnEndpointGroup",
     "CfnEndpointGroupProps",
     "CfnListener",
@@ -3869,6 +4246,72 @@ def _typecheckingstub__5a2b1dd32a23d6d5146bbceed209c5576192a998d13fcf3817f2dc4f8
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__ba1ec3d469e5dcabcf7399e8e8e79a3f5365c953f4994522f2f99f4785e9351d(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    name: builtins.str,
+    principals: typing.Optional[typing.Sequence[builtins.str]] = None,
+    resources: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnCrossAccountAttachment.ResourceProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__22786fe9cf42aaba90a851e34bed5295d6cb83ef62c09ae6bc29c753ad99c5ff(
+    inspector: _TreeInspector_488e0dd5,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__7cd632424889de088176e87245805d03f5bdd773dc61b13fb9b6b0ca8d5801b5(
+    props: typing.Mapping[builtins.str, typing.Any],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__19782d3e7f6cd3af16e9e78c249289e2593a7ff1d4e1c7a86db71dc5f399fb46(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__08ec8314d2cbd2120a78129320bf34d1678991d2ed2d2b8df5bf723a99a7c254(
+    value: typing.Optional[typing.List[builtins.str]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__4e879fec7df8ee76103a0479812b95ae371bbbe6b3312bbaebe1d912c7185fd3(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnCrossAccountAttachment.ResourceProperty]]]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__41d583733963eebabfa0286562bcae1a6871814ce66e72f32e495b730a151c15(
+    value: typing.Optional[typing.List[_CfnTag_f6864754]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__7bd30ea319625d12c404c84e89e35a95437c89cec1dad797148fd3a2c913ddb7(
+    *,
+    endpoint_id: builtins.str,
+    region: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__8cf43e1c90e824b6fcd56b5cbed6fc8b38a0a663b52303ae4fd2eac734194141(
+    *,
+    name: builtins.str,
+    principals: typing.Optional[typing.Sequence[builtins.str]] = None,
+    resources: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnCrossAccountAttachment.ResourceProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__d4abd958de92d302b6b9aa605f8d58d76fb06143d26797b6f9d857004005dd21(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,

aws_cdk/aws_iam/__init__.py

@@ -2432,8 +2432,7 @@ class CfnManagedPolicy(
     @builtins.property
     @jsii.member(jsii_name="attrPolicyArn")
     def attr_policy_arn(self) -> builtins.str:
-        '''Amazon Resource Name (ARN) of the managed policy.
-
+        '''
         :cloudformationAttribute: PolicyArn
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrPolicyArn"))
@@ -9907,24 +9906,20 @@ class PolicyStatement(
 
     Example::
 
-        cross_account_role_arn = "arn:aws:iam::OTHERACCOUNT:role/CrossAccountRoleName" # arn of role deployed in separate account
+        # destination_bucket: s3.Bucket
         
-        call_region = "us-west-1" # sdk call to be made in specified region (optional)
         
-        cr.AwsCustomResource(self, "CrossAccount",
-            on_create=cr.AwsSdkCall(
-                assumed_role_arn=cross_account_role_arn,
-                region=call_region,  # optional
-                service="sts",
-                action="GetCallerIdentity",
-                physical_resource_id=cr.PhysicalResourceId.of("id")
-            ),
-            policy=cr.AwsCustomResourcePolicy.from_statements([iam.PolicyStatement.from_json({
-                "Effect": "Allow",
-                "Action": "sts:AssumeRole",
-                "Resource": cross_account_role_arn
-            })])
+        deployment = s3deploy.BucketDeployment(self, "DeployFiles",
+            sources=[s3deploy.Source.asset(path.join(__dirname, "source-files"))],
+            destination_bucket=destination_bucket
         )
+        
+        deployment.handler_role.add_to_policy(
+            iam.PolicyStatement(
+                actions=["kms:Decrypt", "kms:DescribeKey"],
+                effect=iam.Effect.ALLOW,
+                resources=["<encryption key ARN>"]
+            ))
     '''
 
     def __init__(
@@ -10468,35 +10463,24 @@ class PolicyStatementProps:
         :param resources: Resource ARNs to add to the statement. Default: - no resources
         :param sid: The Sid (statement ID) is an optional identifier that you provide for the policy statement. You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document's ID. In IAM, the Sid value must be unique within a JSON policy. Default: - no sid
 
-        :exampleMetadata: lit=aws-ec2/test/integ.vpc-endpoint.lit.ts infused
+        :exampleMetadata: infused
 
         Example::
 
-            # Add gateway endpoints when creating the VPC
-            vpc = ec2.Vpc(self, "MyVpc",
-                gateway_endpoints={
-                    "S3": cdk.aws_ec2.GatewayVpcEndpointOptions(
-                        service=ec2.GatewayVpcEndpointAwsService.S3
-                    )
-                }
-            )
-            
-            # Alternatively gateway endpoints can be added on the VPC
-            dynamo_db_endpoint = vpc.add_gateway_endpoint("DynamoDbEndpoint",
-                service=ec2.GatewayVpcEndpointAwsService.DYNAMODB
-            )
+            # destination_bucket: s3.Bucket
             
-            # This allows to customize the endpoint policy
-            dynamo_db_endpoint.add_to_policy(
-                iam.PolicyStatement( # Restrict to listing and describing tables
-                    principals=[iam.AnyPrincipal()],
-                    actions=["dynamodb:DescribeTable", "dynamodb:ListTables"],
-                    resources=["*"]))
             
-            # Add an interface endpoint
-            vpc.add_interface_endpoint("EcrDockerEndpoint",
-                service=ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER
+            deployment = s3deploy.BucketDeployment(self, "DeployFiles",
+                sources=[s3deploy.Source.asset(path.join(__dirname, "source-files"))],
+                destination_bucket=destination_bucket
             )
+            
+            deployment.handler_role.add_to_policy(
+                iam.PolicyStatement(
+                    actions=["kms:Decrypt", "kms:DescribeKey"],
+                    effect=iam.Effect.ALLOW,
+                    resources=["<encryption key ARN>"]
+                ))
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__b1307ab5f5dd84b7184f36603f7af026efb2798812c35c96dbe60552fff14c3b)

aws_cdk/aws_internetmonitor/__init__.py

@@ -141,9 +141,9 @@ class CfnMonitor(
         :param id: Construct identifier for this resource (unique in its scope).
         :param monitor_name: The name of the monitor. A monitor name can contain only alphanumeric characters, dashes (-), periods (.), and underscores (_).
         :param health_events_config: A complex type with the configuration information that determines the threshold and other conditions for when Internet Monitor creates a health event for an overall performance or availability issue, across an application's geographies. Defines the percentages, for overall performance scores and availability scores for an application, that are the thresholds for when Amazon CloudWatch Internet Monitor creates a health event. You can override the defaults to set a custom threshold for overall performance or availability scores, or both. You can also set thresholds for local health scores,, where Internet Monitor creates a health event when scores cross a threshold for one or more city-networks, in addition to creating an event when an overall score crosses a threshold. If you don't set a health event threshold, the default value is 95%. For local thresholds, you also set a minimum percentage of overall traffic that is impacted by an issue before Internet Monitor creates an event. In addition, you can disable local thresholds, for performance scores, availability scores, or both. For more information, see `Change health event thresholds <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-IM-overview.html#IMUpdateThresholdFromOverview>`_ in the Internet Monitor section of the *CloudWatch User Guide* .
-        :param include_linked_accounts: 
+        :param include_linked_accounts: A boolean option that you can set to ``TRUE`` to include monitors for linked accounts in a list of monitors, when you've set up cross-account sharing in Internet Monitor. You configure cross-account sharing by using Amazon CloudWatch Observability Access Manager. For more information, see `Internet Monitor cross-account observability <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cwim-cross-account.html>`_ in the Amazon CloudWatch User Guide.
         :param internet_measurements_log_delivery: Publish internet measurements for a monitor for all city-networks (up to the 500,000 service limit) to another location, such as an Amazon S3 bucket. Measurements are also published to Amazon CloudWatch Logs for the first 500 (by traffic volume) city-networks (client locations and ASNs, typically internet service providers or ISPs).
-        :param linked_account_id: 
+        :param linked_account_id: The account ID for an account that you've set up cross-account sharing for in Internet Monitor. You configure cross-account sharing by using Amazon CloudWatch Observability Access Manager. For more information, see `Internet Monitor cross-account observability <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cwim-cross-account.html>`_ in the Amazon CloudWatch User Guide.
         :param max_city_networks_to_monitor: The maximum number of city-networks to monitor for your resources. A city-network is the location (city) where clients access your application resources from and the network, such as an internet service provider, that clients access the resources through. For more information, see `Choosing a city-network maximum value <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/IMCityNetworksMaximum.html>`_ in *Using Amazon CloudWatch Internet Monitor* .
         :param resources: The resources that have been added for the monitor, listed by their Amazon Resource Names (ARNs). Use this option to add or remove resources when making an update. .. epigraph:: Be aware that if you include content in the ``Resources`` field when you update a monitor, the ``ResourcesToAdd`` and ``ResourcesToRemove`` fields must be empty.
         :param resources_to_add: The resources to include in a monitor, which you provide as a set of Amazon Resource Names (ARNs). Resources can be Amazon Virtual Private Cloud VPCs, Network Load Balancers (NLBs), Amazon CloudFront distributions, or Amazon WorkSpaces directories. You can add a combination of VPCs and CloudFront distributions, or you can add WorkSpaces directories, or you can add NLBs. You can't add NLBs or WorkSpaces directories together with any other resources. If you add only VPC resources, at least one VPC must have an Internet Gateway attached to it, to make sure that it has internet connectivity. .. epigraph:: You can specify this field for a monitor update only if the ``Resources`` field is empty.
@@ -297,6 +297,7 @@ class CfnMonitor(
     def include_linked_accounts(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''A boolean option that you can set to ``TRUE`` to include monitors for linked accounts in a list of monitors, when you've set up cross-account sharing in Internet Monitor.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "includeLinkedAccounts"))
 
     @include_linked_accounts.setter
@@ -330,6 +331,7 @@ class CfnMonitor(
     @builtins.property
     @jsii.member(jsii_name="linkedAccountId")
     def linked_account_id(self) -> typing.Optional[builtins.str]:
+        '''The account ID for an account that you've set up cross-account sharing for in Internet Monitor.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "linkedAccountId"))
 
     @linked_account_id.setter
@@ -859,9 +861,9 @@ class CfnMonitorProps:
 
         :param monitor_name: The name of the monitor. A monitor name can contain only alphanumeric characters, dashes (-), periods (.), and underscores (_).
         :param health_events_config: A complex type with the configuration information that determines the threshold and other conditions for when Internet Monitor creates a health event for an overall performance or availability issue, across an application's geographies. Defines the percentages, for overall performance scores and availability scores for an application, that are the thresholds for when Amazon CloudWatch Internet Monitor creates a health event. You can override the defaults to set a custom threshold for overall performance or availability scores, or both. You can also set thresholds for local health scores,, where Internet Monitor creates a health event when scores cross a threshold for one or more city-networks, in addition to creating an event when an overall score crosses a threshold. If you don't set a health event threshold, the default value is 95%. For local thresholds, you also set a minimum percentage of overall traffic that is impacted by an issue before Internet Monitor creates an event. In addition, you can disable local thresholds, for performance scores, availability scores, or both. For more information, see `Change health event thresholds <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-IM-overview.html#IMUpdateThresholdFromOverview>`_ in the Internet Monitor section of the *CloudWatch User Guide* .
-        :param include_linked_accounts: 
+        :param include_linked_accounts: A boolean option that you can set to ``TRUE`` to include monitors for linked accounts in a list of monitors, when you've set up cross-account sharing in Internet Monitor. You configure cross-account sharing by using Amazon CloudWatch Observability Access Manager. For more information, see `Internet Monitor cross-account observability <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cwim-cross-account.html>`_ in the Amazon CloudWatch User Guide.
         :param internet_measurements_log_delivery: Publish internet measurements for a monitor for all city-networks (up to the 500,000 service limit) to another location, such as an Amazon S3 bucket. Measurements are also published to Amazon CloudWatch Logs for the first 500 (by traffic volume) city-networks (client locations and ASNs, typically internet service providers or ISPs).
-        :param linked_account_id: 
+        :param linked_account_id: The account ID for an account that you've set up cross-account sharing for in Internet Monitor. You configure cross-account sharing by using Amazon CloudWatch Observability Access Manager. For more information, see `Internet Monitor cross-account observability <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cwim-cross-account.html>`_ in the Amazon CloudWatch User Guide.
         :param max_city_networks_to_monitor: The maximum number of city-networks to monitor for your resources. A city-network is the location (city) where clients access your application resources from and the network, such as an internet service provider, that clients access the resources through. For more information, see `Choosing a city-network maximum value <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/IMCityNetworksMaximum.html>`_ in *Using Amazon CloudWatch Internet Monitor* .
         :param resources: The resources that have been added for the monitor, listed by their Amazon Resource Names (ARNs). Use this option to add or remove resources when making an update. .. epigraph:: Be aware that if you include content in the ``Resources`` field when you update a monitor, the ``ResourcesToAdd`` and ``ResourcesToRemove`` fields must be empty.
         :param resources_to_add: The resources to include in a monitor, which you provide as a set of Amazon Resource Names (ARNs). Resources can be Amazon Virtual Private Cloud VPCs, Network Load Balancers (NLBs), Amazon CloudFront distributions, or Amazon WorkSpaces directories. You can add a combination of VPCs and CloudFront distributions, or you can add WorkSpaces directories, or you can add NLBs. You can't add NLBs or WorkSpaces directories together with any other resources. If you add only VPC resources, at least one VPC must have an Internet Gateway attached to it, to make sure that it has internet connectivity. .. epigraph:: You can specify this field for a monitor update only if the ``Resources`` field is empty.
@@ -995,7 +997,10 @@ class CfnMonitorProps:
     def include_linked_accounts(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''
+        '''A boolean option that you can set to ``TRUE`` to include monitors for linked accounts in a list of monitors, when you've set up cross-account sharing in Internet Monitor.
+
+        You configure cross-account sharing by using Amazon CloudWatch Observability Access Manager. For more information, see `Internet Monitor cross-account observability <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cwim-cross-account.html>`_ in the Amazon CloudWatch User Guide.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-internetmonitor-monitor.html#cfn-internetmonitor-monitor-includelinkedaccounts
         '''
         result = self._values.get("include_linked_accounts")
@@ -1016,7 +1021,10 @@ class CfnMonitorProps:
 
     @builtins.property
     def linked_account_id(self) -> typing.Optional[builtins.str]:
-        '''
+        '''The account ID for an account that you've set up cross-account sharing for in Internet Monitor.
+
+        You configure cross-account sharing by using Amazon CloudWatch Observability Access Manager. For more information, see `Internet Monitor cross-account observability <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cwim-cross-account.html>`_ in the Amazon CloudWatch User Guide.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-internetmonitor-monitor.html#cfn-internetmonitor-monitor-linkedaccountid
         '''
         result = self._values.get("linked_account_id")