aws-cdk-lib 2.139.1__py3-none-any.whl → 2.141.0__py3-none-any.whl

aws_cdk/aws_globalaccelerator/__init__.py

@@ -900,10 +900,10 @@ class CfnCrossAccountAttachment(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param name: The Friendly identifier of the attachment.
-        :param principals: Principals to share the resources with.
-        :param resources: Resources shared using the attachment.
-        :param tags: 
+        :param name: The name of the cross-account attachment.
+        :param principals: The principals included in the cross-account attachment.
+        :param resources: The resources included in the cross-account attachment.
+        :param tags: Add tags for a cross-account attachment. For more information, see `Tagging in AWS Global Accelerator <https://docs.aws.amazon.com/global-accelerator/latest/dg/tagging-in-global-accelerator.html>`_ in the *AWS Global Accelerator Developer Guide* .
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__ba1ec3d469e5dcabcf7399e8e8e79a3f5365c953f4994522f2f99f4785e9351d)
@@ -948,7 +948,7 @@ class CfnCrossAccountAttachment(
     @builtins.property
     @jsii.member(jsii_name="attrAttachmentArn")
     def attr_attachment_arn(self) -> builtins.str:
-        '''The Amazon Resource Name (ARN) of the attachment.
+        '''The Amazon Resource Name (ARN) of the cross-account attachment.
 
         :cloudformationAttribute: AttachmentArn
         '''
@@ -968,7 +968,7 @@ class CfnCrossAccountAttachment(
     @builtins.property
     @jsii.member(jsii_name="name")
     def name(self) -> builtins.str:
-        '''The Friendly identifier of the attachment.'''
+        '''The name of the cross-account attachment.'''
         return typing.cast(builtins.str, jsii.get(self, "name"))
 
     @name.setter
@@ -981,7 +981,7 @@ class CfnCrossAccountAttachment(
     @builtins.property
     @jsii.member(jsii_name="principals")
     def principals(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''Principals to share the resources with.'''
+        '''The principals included in the cross-account attachment.'''
         return typing.cast(typing.Optional[typing.List[builtins.str]], jsii.get(self, "principals"))
 
     @principals.setter
@@ -996,7 +996,7 @@ class CfnCrossAccountAttachment(
     def resources(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnCrossAccountAttachment.ResourceProperty"]]]]:
-        '''Resources shared using the attachment.'''
+        '''The resources included in the cross-account attachment.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnCrossAccountAttachment.ResourceProperty"]]]], jsii.get(self, "resources"))
 
     @resources.setter
@@ -1012,6 +1012,7 @@ class CfnCrossAccountAttachment(
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
+        '''Add tags for a cross-account attachment.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tags"))
 
     @tags.setter
@@ -1118,10 +1119,10 @@ class CfnCrossAccountAttachmentProps:
     ) -> None:
         '''Properties for defining a ``CfnCrossAccountAttachment``.
 
-        :param name: The Friendly identifier of the attachment.
-        :param principals: Principals to share the resources with.
-        :param resources: Resources shared using the attachment.
-        :param tags: 
+        :param name: The name of the cross-account attachment.
+        :param principals: The principals included in the cross-account attachment.
+        :param resources: The resources included in the cross-account attachment.
+        :param tags: Add tags for a cross-account attachment. For more information, see `Tagging in AWS Global Accelerator <https://docs.aws.amazon.com/global-accelerator/latest/dg/tagging-in-global-accelerator.html>`_ in the *AWS Global Accelerator Developer Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-globalaccelerator-crossaccountattachment.html
         :exampleMetadata: fixture=_generated
@@ -1167,7 +1168,7 @@ class CfnCrossAccountAttachmentProps:
 
     @builtins.property
     def name(self) -> builtins.str:
-        '''The Friendly identifier of the attachment.
+        '''The name of the cross-account attachment.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-globalaccelerator-crossaccountattachment.html#cfn-globalaccelerator-crossaccountattachment-name
         '''
@@ -1177,7 +1178,7 @@ class CfnCrossAccountAttachmentProps:
 
     @builtins.property
     def principals(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''Principals to share the resources with.
+        '''The principals included in the cross-account attachment.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-globalaccelerator-crossaccountattachment.html#cfn-globalaccelerator-crossaccountattachment-principals
         '''
@@ -1188,7 +1189,7 @@ class CfnCrossAccountAttachmentProps:
     def resources(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnCrossAccountAttachment.ResourceProperty]]]]:
-        '''Resources shared using the attachment.
+        '''The resources included in the cross-account attachment.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-globalaccelerator-crossaccountattachment.html#cfn-globalaccelerator-crossaccountattachment-resources
         '''
@@ -1197,7 +1198,10 @@ class CfnCrossAccountAttachmentProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''
+        '''Add tags for a cross-account attachment.
+
+        For more information, see `Tagging in AWS Global Accelerator <https://docs.aws.amazon.com/global-accelerator/latest/dg/tagging-in-global-accelerator.html>`_ in the *AWS Global Accelerator Developer Guide* .
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-globalaccelerator-crossaccountattachment.html#cfn-globalaccelerator-crossaccountattachment-tags
         '''
         result = self._values.get("tags")

aws_cdk/aws_iam/__init__.py

@@ -620,8 +620,8 @@ establish trust between an OIDC-compatible IdP and your AWS account. This is
 useful when creating a mobile app or web application that requires access to AWS
 resources, but you don't want to create custom sign-in code or manage your own
 user identities. For more information about this scenario, see [About Web
-Identity Federation] and the relevant documentation in the [Amazon Cognito
-Identity Pools Developer Guide].
+Identity Federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html) and the relevant documentation in the [Amazon Cognito
+Identity Pools Developer Guide](https://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html).
 
 The following examples defines an OpenID Connect provider. Two client IDs
 (audiences) are will be able to send authentication requests to

aws_cdk/aws_ivs/__init__.py

@@ -1980,7 +1980,7 @@ class CfnRecordingConfiguration(
             :param recording_mode: Thumbnail recording mode. Valid values:. - ``DISABLED`` : Use DISABLED to disable the generation of thumbnails for recorded video. - ``INTERVAL`` : Use INTERVAL to enable the generation of thumbnails for recorded video at a time interval controlled by the `TargetIntervalSeconds <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-thumbnailconfiguration.html#cfn-ivs-recordingconfiguration-thumbnailconfiguration-targetintervalseconds>`_ property. *Default* : ``INTERVAL`` Default: - "INTERVAL"
             :param resolution: The desired resolution of recorded thumbnails for a stream. Thumbnails are recorded at the selected resolution if the corresponding rendition is available during the stream; otherwise, they are recorded at source resolution. For more information about resolution values and their corresponding height and width dimensions, see `Auto-Record to Amazon S3 <https://docs.aws.amazon.com//ivs/latest/LowLatencyUserGuide/record-to-s3.html>`_ .
             :param storage: The format in which thumbnails are recorded for a stream. ``SEQUENTIAL`` records all generated thumbnails in a serial manner, to the media/thumbnails directory. ``LATEST`` saves the latest thumbnail in media/thumbnails/latest/thumb.jpg and overwrites it at the interval specified by ``targetIntervalSeconds`` . You can enable both ``SEQUENTIAL`` and ``LATEST`` . Default: ``SEQUENTIAL`` .
-            :param target_interval_seconds: The targeted thumbnail-generation interval in seconds. This is configurable (and required) only if `RecordingMode <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-thumbnailconfiguration.html#cfn-ivs-recordingconfiguration-thumbnailconfiguration-recordingmode>`_ is ``INTERVAL`` . .. epigraph:: Setting a value for ``TargetIntervalSeconds`` does not guarantee that thumbnails are generated at the specified interval. For thumbnails to be generated at the ``TargetIntervalSeconds`` interval, the ``IDR/Keyframe`` value for the input video must be less than the ``TargetIntervalSeconds`` value. See `Amazon IVS Streaming Configuration <https://docs.aws.amazon.com/ivs/latest/LowLatencyUserGuide/streaming-config.html>`_ for information on setting ``IDR/Keyframe`` to the recommended value in video-encoder settings. *Default* : 60 *Valid Range* : Minumum value of 1. Maximum value of 60. Default: - 60
+            :param target_interval_seconds: The targeted thumbnail-generation interval in seconds. This is configurable (and required) only if `RecordingMode <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-thumbnailconfiguration.html#cfn-ivs-recordingconfiguration-thumbnailconfiguration-recordingmode>`_ is ``INTERVAL`` . .. epigraph:: Setting a value for ``TargetIntervalSeconds`` does not guarantee that thumbnails are generated at the specified interval. For thumbnails to be generated at the ``TargetIntervalSeconds`` interval, the ``IDR/Keyframe`` value for the input video must be less than the ``TargetIntervalSeconds`` value. See `Amazon IVS Streaming Configuration <https://docs.aws.amazon.com/ivs/latest/LowLatencyUserGuide/streaming-config.html>`_ for information on setting ``IDR/Keyframe`` to the recommended value in video-encoder settings. *Default* : 60 Default: - 60
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-thumbnailconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -2062,8 +2062,6 @@ class CfnRecordingConfiguration(
 
             *Default* : 60
 
-            *Valid Range* : Minumum value of 1. Maximum value of 60.
-
             :default: - 60
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-thumbnailconfiguration.html#cfn-ivs-recordingconfiguration-thumbnailconfiguration-targetintervalseconds

aws_cdk/aws_kinesis/__init__.py

@@ -211,6 +211,7 @@ from .. import (
     IResolvable as _IResolvable_da3f097b,
     IResource as _IResource_c80c4260,
     ITaggable as _ITaggable_36806126,
+    RemovalPolicy as _RemovalPolicy_9f93c814,
     Resource as _Resource_45bc6135,
     TagManager as _TagManager_0a598cb3,
     TreeInspector as _TreeInspector_488e0dd5,
@@ -2621,6 +2622,7 @@ class Stream(
         *,
         encryption: typing.Optional["StreamEncryption"] = None,
         encryption_key: typing.Optional[_IKey_5f11635f] = None,
+        removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
         retention_period: typing.Optional[_Duration_4839e8c3] = None,
         shard_count: typing.Optional[jsii.Number] = None,
         stream_mode: typing.Optional["StreamMode"] = None,
@@ -2631,6 +2633,7 @@ class Stream(
         :param id: -
         :param encryption: The kind of server-side encryption to apply to this stream. If you choose KMS, you can specify a KMS key via ``encryptionKey``. If encryption key is not specified, a key will automatically be created. Default: - StreamEncryption.KMS if encrypted Streams are supported in the region or StreamEncryption.UNENCRYPTED otherwise. StreamEncryption.KMS if an encryption key is supplied through the encryptionKey property
         :param encryption_key: External KMS key to use for stream encryption. The 'encryption' property must be set to "Kms". Default: - Kinesis Data Streams master key ('/alias/aws/kinesis'). If encryption is set to StreamEncryption.KMS and this property is undefined, a new KMS key will be created and associated with this stream.
+        :param removal_policy: Policy to apply when the stream is removed from the stack. Default: RemovalPolicy.RETAIN
         :param retention_period: The number of hours for the data records that are stored in shards to remain accessible. Default: Duration.hours(24)
         :param shard_count: The number of shards for the stream. Can only be provided if streamMode is Provisioned. Default: 1
         :param stream_mode: The capacity mode of this stream. Default: StreamMode.PROVISIONED
@@ -2643,6 +2646,7 @@ class Stream(
         props = StreamProps(
             encryption=encryption,
             encryption_key=encryption_key,
+            removal_policy=removal_policy,
             retention_period=retention_period,
             shard_count=shard_count,
             stream_mode=stream_mode,
@@ -3721,6 +3725,7 @@ class StreamMode(enum.Enum):
     name_mapping={
         "encryption": "encryption",
         "encryption_key": "encryptionKey",
+        "removal_policy": "removalPolicy",
         "retention_period": "retentionPeriod",
         "shard_count": "shardCount",
         "stream_mode": "streamMode",
@@ -3733,6 +3738,7 @@ class StreamProps:
         *,
         encryption: typing.Optional[StreamEncryption] = None,
         encryption_key: typing.Optional[_IKey_5f11635f] = None,
+        removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
         retention_period: typing.Optional[_Duration_4839e8c3] = None,
         shard_count: typing.Optional[jsii.Number] = None,
         stream_mode: typing.Optional[StreamMode] = None,
@@ -3742,6 +3748,7 @@ class StreamProps:
 
         :param encryption: The kind of server-side encryption to apply to this stream. If you choose KMS, you can specify a KMS key via ``encryptionKey``. If encryption key is not specified, a key will automatically be created. Default: - StreamEncryption.KMS if encrypted Streams are supported in the region or StreamEncryption.UNENCRYPTED otherwise. StreamEncryption.KMS if an encryption key is supplied through the encryptionKey property
         :param encryption_key: External KMS key to use for stream encryption. The 'encryption' property must be set to "Kms". Default: - Kinesis Data Streams master key ('/alias/aws/kinesis'). If encryption is set to StreamEncryption.KMS and this property is undefined, a new KMS key will be created and associated with this stream.
+        :param removal_policy: Policy to apply when the stream is removed from the stack. Default: RemovalPolicy.RETAIN
         :param retention_period: The number of hours for the data records that are stored in shards to remain accessible. Default: Duration.hours(24)
         :param shard_count: The number of shards for the stream. Can only be provided if streamMode is Provisioned. Default: 1
         :param stream_mode: The capacity mode of this stream. Default: StreamMode.PROVISIONED
@@ -3762,6 +3769,7 @@ class StreamProps:
             type_hints = typing.get_type_hints(_typecheckingstub__88629f78086711b76f550ae13e14f2db1429deb350aa5b10b7073d5852dadfcc)
             check_type(argname="argument encryption", value=encryption, expected_type=type_hints["encryption"])
             check_type(argname="argument encryption_key", value=encryption_key, expected_type=type_hints["encryption_key"])
+            check_type(argname="argument removal_policy", value=removal_policy, expected_type=type_hints["removal_policy"])
             check_type(argname="argument retention_period", value=retention_period, expected_type=type_hints["retention_period"])
             check_type(argname="argument shard_count", value=shard_count, expected_type=type_hints["shard_count"])
             check_type(argname="argument stream_mode", value=stream_mode, expected_type=type_hints["stream_mode"])
@@ -3771,6 +3779,8 @@ class StreamProps:
             self._values["encryption"] = encryption
         if encryption_key is not None:
             self._values["encryption_key"] = encryption_key
+        if removal_policy is not None:
+            self._values["removal_policy"] = removal_policy
         if retention_period is not None:
             self._values["retention_period"] = retention_period
         if shard_count is not None:
@@ -3811,6 +3821,15 @@ class StreamProps:
         result = self._values.get("encryption_key")
         return typing.cast(typing.Optional[_IKey_5f11635f], result)
 
+    @builtins.property
+    def removal_policy(self) -> typing.Optional[_RemovalPolicy_9f93c814]:
+        '''Policy to apply when the stream is removed from the stack.
+
+        :default: RemovalPolicy.RETAIN
+        '''
+        result = self._values.get("removal_policy")
+        return typing.cast(typing.Optional[_RemovalPolicy_9f93c814], result)
+
     @builtins.property
     def retention_period(self) -> typing.Optional[_Duration_4839e8c3]:
         '''The number of hours for the data records that are stored in shards to remain accessible.
@@ -4053,6 +4072,7 @@ def _typecheckingstub__d9e4f581406090d861e3fe8214f939eedc5d1ccaffe122a7542878ec4
     *,
     encryption: typing.Optional[StreamEncryption] = None,
     encryption_key: typing.Optional[_IKey_5f11635f] = None,
+    removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
     retention_period: typing.Optional[_Duration_4839e8c3] = None,
     shard_count: typing.Optional[jsii.Number] = None,
     stream_mode: typing.Optional[StreamMode] = None,
@@ -4131,6 +4151,7 @@ def _typecheckingstub__88629f78086711b76f550ae13e14f2db1429deb350aa5b10b7073d585
     *,
     encryption: typing.Optional[StreamEncryption] = None,
     encryption_key: typing.Optional[_IKey_5f11635f] = None,
+    removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
     retention_period: typing.Optional[_Duration_4839e8c3] = None,
     shard_count: typing.Optional[jsii.Number] = None,
     stream_mode: typing.Optional[StreamMode] = None,

aws_cdk/aws_kinesisvideo/__init__.py

@@ -97,7 +97,7 @@ class CfnSignalingChannel(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param message_ttl_seconds: The period of time a signaling channel retains undelivered messages before they are discarded.
+        :param message_ttl_seconds: The period of time (in seconds) a signaling channel retains undelivered messages before they are discarded. Use ``API_UpdateSignalingChannel`` to update this value.
         :param name: A name for the signaling channel that you are creating. It must be unique for each AWS account and AWS Region .
         :param tags: An array of key-value pairs to apply to this resource. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
         :param type: A type of the signaling channel that you are creating. Currently, ``SINGLE_MASTER`` is the only supported channel type.
@@ -165,7 +165,7 @@ class CfnSignalingChannel(
     @builtins.property
     @jsii.member(jsii_name="messageTtlSeconds")
     def message_ttl_seconds(self) -> typing.Optional[jsii.Number]:
-        '''The period of time a signaling channel retains undelivered messages before they are discarded.'''
+        '''The period of time (in seconds) a signaling channel retains undelivered messages before they are discarded.'''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "messageTtlSeconds"))
 
     @message_ttl_seconds.setter
@@ -236,7 +236,7 @@ class CfnSignalingChannelProps:
     ) -> None:
         '''Properties for defining a ``CfnSignalingChannel``.
 
-        :param message_ttl_seconds: The period of time a signaling channel retains undelivered messages before they are discarded.
+        :param message_ttl_seconds: The period of time (in seconds) a signaling channel retains undelivered messages before they are discarded. Use ``API_UpdateSignalingChannel`` to update this value.
         :param name: A name for the signaling channel that you are creating. It must be unique for each AWS account and AWS Region .
         :param tags: An array of key-value pairs to apply to this resource. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
         :param type: A type of the signaling channel that you are creating. Currently, ``SINGLE_MASTER`` is the only supported channel type.
@@ -278,7 +278,9 @@ class CfnSignalingChannelProps:
 
     @builtins.property
     def message_ttl_seconds(self) -> typing.Optional[jsii.Number]:
-        '''The period of time a signaling channel retains undelivered messages before they are discarded.
+        '''The period of time (in seconds) a signaling channel retains undelivered messages before they are discarded.
+
+        Use ``API_UpdateSignalingChannel`` to update this value.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kinesisvideo-signalingchannel.html#cfn-kinesisvideo-signalingchannel-messagettlseconds
         '''

aws_cdk/aws_kms/__init__.py

@@ -5,7 +5,8 @@ Define a KMS key:
 
 ```python
 kms.Key(self, "MyKey",
-    enable_key_rotation=True
+    enable_key_rotation=True,
+    rotation_period=Duration.days(180)
 )
 ```
 
@@ -736,7 +737,7 @@ class CfnKey(
         :param multi_region: Creates a multi-Region primary key that you can replicate in other AWS Regions . You can't change the ``MultiRegion`` value after the KMS key is created. For a list of AWS Regions in which multi-Region keys are supported, see `Multi-Region keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ in the ** . .. epigraph:: If you change the value of the ``MultiRegion`` property on an existing KMS key, the update request fails, regardless of the value of the ```UpdateReplacePolicy`` attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html>`_ . This prevents you from accidentally deleting a KMS key by changing an immutable property value. For a multi-Region key, set to this property to ``true`` . For a single-Region key, omit this property or set it to ``false`` . The default value is ``false`` . *Multi-Region keys* are an AWS KMS feature that lets you create multiple interoperable KMS keys in different AWS Regions . Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information, see `Multi-Region keys <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ in the *AWS Key Management Service Developer Guide* . You can create a symmetric encryption, HMAC, or asymmetric multi-Region KMS key, and you can create a multi-Region key with imported key material. However, you cannot create a multi-Region key in a custom key store. To create a replica of this primary key in a different AWS Region , create an `AWS::KMS::ReplicaKey <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html>`_ resource in a CloudFormation stack in the replica Region. Specify the key ARN of this primary key. Default: - false
         :param origin: The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The default is ``AWS_KMS`` , which means that AWS KMS creates the key material. To `create a KMS key with no key material <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html>`_ (for imported key material), set this value to ``EXTERNAL`` . For more information about importing key material into AWS KMS , see `Importing Key Material <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html>`_ in the *AWS Key Management Service Developer Guide* . You can ignore ``ENABLED`` when Origin is ``EXTERNAL`` . When a KMS key with Origin ``EXTERNAL`` is created, the key state is ``PENDING_IMPORT`` and ``ENABLED`` is ``false`` . After you import the key material, ``ENABLED`` updated to ``true`` . The KMS key can then be used for Cryptographic Operations. .. epigraph:: AWS CloudFormation doesn't support creating an ``Origin`` parameter of the ``AWS_CLOUDHSM`` or ``EXTERNAL_KEY_STORE`` values. Default: - "AWS_KMS"
         :param pending_window_in_days: Specifies the number of days in the waiting period before AWS KMS deletes a KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days. When you remove a KMS key from a CloudFormation stack, AWS KMS schedules the KMS key for deletion and starts the mandatory waiting period. The ``PendingWindowInDays`` property determines the length of waiting period. During the waiting period, the key state of KMS key is ``Pending Deletion`` or ``Pending Replica Deletion`` , which prevents the KMS key from being used in cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the KMS key. AWS KMS will not delete a `multi-Region primary key <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ that has replica keys. If you remove a multi-Region primary key from a CloudFormation stack, its key state changes to ``PendingReplicaDeletion`` so it cannot be replicated or used in cryptographic operations. This state can persist indefinitely. When the last of its replica keys is deleted, the key state of the primary key changes to ``PendingDeletion`` and the waiting period specified by ``PendingWindowInDays`` begins. When this waiting period expires, AWS KMS deletes the primary key. For details, see `Deleting multi-Region keys <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html>`_ in the *AWS Key Management Service Developer Guide* . You cannot use a CloudFormation template to cancel deletion of the KMS key after you remove it from the stack, regardless of the waiting period. If you specify a KMS key in your template, even one with the same name, CloudFormation creates a new KMS key. To cancel deletion of a KMS key, use the AWS KMS console or the `CancelKeyDeletion <https://docs.aws.amazon.com/kms/latest/APIReference/API_CancelKeyDeletion.html>`_ operation. For information about the ``Pending Deletion`` and ``Pending Replica Deletion`` key states, see `Key state: Effect on your KMS key <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html>`_ in the *AWS Key Management Service Developer Guide* . For more information about deleting KMS keys, see the `ScheduleKeyDeletion <https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html>`_ operation in the *AWS Key Management Service API Reference* and `Deleting KMS keys <https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html>`_ in the *AWS Key Management Service Developer Guide* .
-        :param rotation_period_in_days: The number of days between each automatic rotation. The default value is 365 days. Default: - 365
+        :param rotation_period_in_days: Specifies a custom period of time between each rotation date. If no value is specified, the default value is 365 days. The rotation period defines the number of days after you enable automatic key rotation that AWS KMS will rotate your key material, and the number of days between each automatic rotation thereafter. You can use the ```kms:RotationPeriodInDays`` <https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days>`_ condition key to further constrain the values that principals can specify in the ``RotationPeriodInDays`` parameter. For more information about rotating KMS keys and automatic rotation, see `Rotating keys <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html>`_ in the *AWS Key Management Service Developer Guide* . Default: - 365
         :param tags: Assigns one or more tags to the replica key. .. epigraph:: Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see `ABAC for AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html>`_ in the *AWS Key Management Service Developer Guide* . For information about tags in AWS KMS , see `Tagging keys <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html>`_ in the *AWS Key Management Service Developer Guide* . For information about tags in CloudFormation, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
         '''
         if __debug__:
@@ -982,7 +983,7 @@ class CfnKey(
     @builtins.property
     @jsii.member(jsii_name="rotationPeriodInDays")
     def rotation_period_in_days(self) -> typing.Optional[jsii.Number]:
-        '''The number of days between each automatic rotation.'''
+        '''Specifies a custom period of time between each rotation date.'''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "rotationPeriodInDays"))
 
     @rotation_period_in_days.setter
@@ -1053,7 +1054,7 @@ class CfnKeyProps:
         :param multi_region: Creates a multi-Region primary key that you can replicate in other AWS Regions . You can't change the ``MultiRegion`` value after the KMS key is created. For a list of AWS Regions in which multi-Region keys are supported, see `Multi-Region keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ in the ** . .. epigraph:: If you change the value of the ``MultiRegion`` property on an existing KMS key, the update request fails, regardless of the value of the ```UpdateReplacePolicy`` attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html>`_ . This prevents you from accidentally deleting a KMS key by changing an immutable property value. For a multi-Region key, set to this property to ``true`` . For a single-Region key, omit this property or set it to ``false`` . The default value is ``false`` . *Multi-Region keys* are an AWS KMS feature that lets you create multiple interoperable KMS keys in different AWS Regions . Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information, see `Multi-Region keys <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ in the *AWS Key Management Service Developer Guide* . You can create a symmetric encryption, HMAC, or asymmetric multi-Region KMS key, and you can create a multi-Region key with imported key material. However, you cannot create a multi-Region key in a custom key store. To create a replica of this primary key in a different AWS Region , create an `AWS::KMS::ReplicaKey <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html>`_ resource in a CloudFormation stack in the replica Region. Specify the key ARN of this primary key. Default: - false
         :param origin: The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The default is ``AWS_KMS`` , which means that AWS KMS creates the key material. To `create a KMS key with no key material <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html>`_ (for imported key material), set this value to ``EXTERNAL`` . For more information about importing key material into AWS KMS , see `Importing Key Material <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html>`_ in the *AWS Key Management Service Developer Guide* . You can ignore ``ENABLED`` when Origin is ``EXTERNAL`` . When a KMS key with Origin ``EXTERNAL`` is created, the key state is ``PENDING_IMPORT`` and ``ENABLED`` is ``false`` . After you import the key material, ``ENABLED`` updated to ``true`` . The KMS key can then be used for Cryptographic Operations. .. epigraph:: AWS CloudFormation doesn't support creating an ``Origin`` parameter of the ``AWS_CLOUDHSM`` or ``EXTERNAL_KEY_STORE`` values. Default: - "AWS_KMS"
         :param pending_window_in_days: Specifies the number of days in the waiting period before AWS KMS deletes a KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days. When you remove a KMS key from a CloudFormation stack, AWS KMS schedules the KMS key for deletion and starts the mandatory waiting period. The ``PendingWindowInDays`` property determines the length of waiting period. During the waiting period, the key state of KMS key is ``Pending Deletion`` or ``Pending Replica Deletion`` , which prevents the KMS key from being used in cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the KMS key. AWS KMS will not delete a `multi-Region primary key <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ that has replica keys. If you remove a multi-Region primary key from a CloudFormation stack, its key state changes to ``PendingReplicaDeletion`` so it cannot be replicated or used in cryptographic operations. This state can persist indefinitely. When the last of its replica keys is deleted, the key state of the primary key changes to ``PendingDeletion`` and the waiting period specified by ``PendingWindowInDays`` begins. When this waiting period expires, AWS KMS deletes the primary key. For details, see `Deleting multi-Region keys <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html>`_ in the *AWS Key Management Service Developer Guide* . You cannot use a CloudFormation template to cancel deletion of the KMS key after you remove it from the stack, regardless of the waiting period. If you specify a KMS key in your template, even one with the same name, CloudFormation creates a new KMS key. To cancel deletion of a KMS key, use the AWS KMS console or the `CancelKeyDeletion <https://docs.aws.amazon.com/kms/latest/APIReference/API_CancelKeyDeletion.html>`_ operation. For information about the ``Pending Deletion`` and ``Pending Replica Deletion`` key states, see `Key state: Effect on your KMS key <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html>`_ in the *AWS Key Management Service Developer Guide* . For more information about deleting KMS keys, see the `ScheduleKeyDeletion <https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html>`_ operation in the *AWS Key Management Service API Reference* and `Deleting KMS keys <https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html>`_ in the *AWS Key Management Service Developer Guide* .
-        :param rotation_period_in_days: The number of days between each automatic rotation. The default value is 365 days. Default: - 365
+        :param rotation_period_in_days: Specifies a custom period of time between each rotation date. If no value is specified, the default value is 365 days. The rotation period defines the number of days after you enable automatic key rotation that AWS KMS will rotate your key material, and the number of days between each automatic rotation thereafter. You can use the ```kms:RotationPeriodInDays`` <https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days>`_ condition key to further constrain the values that principals can specify in the ``RotationPeriodInDays`` parameter. For more information about rotating KMS keys and automatic rotation, see `Rotating keys <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html>`_ in the *AWS Key Management Service Developer Guide* . Default: - 365
         :param tags: Assigns one or more tags to the replica key. .. epigraph:: Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see `ABAC for AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html>`_ in the *AWS Key Management Service Developer Guide* . For information about tags in AWS KMS , see `Tagging keys <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html>`_ in the *AWS Key Management Service Developer Guide* . For information about tags in CloudFormation, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html
@@ -1351,9 +1352,15 @@ class CfnKeyProps:
 
     @builtins.property
     def rotation_period_in_days(self) -> typing.Optional[jsii.Number]:
-        '''The number of days between each automatic rotation.
+        '''Specifies a custom period of time between each rotation date.
 
-        The default value is 365 days.
+        If no value is specified, the default value is 365 days.
+
+        The rotation period defines the number of days after you enable automatic key rotation that AWS KMS will rotate your key material, and the number of days between each automatic rotation thereafter.
+
+        You can use the ```kms:RotationPeriodInDays`` <https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days>`_ condition key to further constrain the values that principals can specify in the ``RotationPeriodInDays`` parameter.
+
+        For more information about rotating KMS keys and automatic rotation, see `Rotating keys <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html>`_ in the *AWS Key Management Service Developer Guide* .
 
         :default: - 365
 
@@ -2097,6 +2104,7 @@ class Key(
         pending_window: typing.Optional[_Duration_4839e8c3] = None,
         policy: typing.Optional[_PolicyDocument_3ac34393] = None,
         removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
+        rotation_period: typing.Optional[_Duration_4839e8c3] = None,
     ) -> None:
         '''
         :param scope: -
@@ -2111,6 +2119,7 @@ class Key(
         :param pending_window: Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack. When you remove a customer master key (CMK) from a CloudFormation stack, AWS KMS schedules the CMK for deletion and starts the mandatory waiting period. The PendingWindowInDays property determines the length of waiting period. During the waiting period, the key state of CMK is Pending Deletion, which prevents the CMK from being used in cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the CMK. Enter a value between 7 and 30 days. Default: - 30 days
         :param policy: Custom policy document to attach to the KMS key. NOTE - If the ``@aws-cdk/aws-kms:defaultKeyPolicies`` feature flag is set (the default for new projects), this policy will *override* the default key policy and become the only key policy for the key. If the feature flag is not set, this policy will be appended to the default key policy. Default: - A policy document with permissions for the account root to administer the key will be created.
         :param removal_policy: Whether the encryption key should be retained when it is removed from the Stack. This is useful when one wants to retain access to data that was encrypted with a key that is being retired. Default: RemovalPolicy.Retain
+        :param rotation_period: The period between each automatic rotation. Default: - set by CFN to 365 days.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__2cde9534bdfe7c19d6e24354f8a0de8ca349632d3f565addcaed7e86a84dac7e)
@@ -2127,6 +2136,7 @@ class Key(
             pending_window=pending_window,
             policy=policy,
             removal_policy=removal_policy,
+            rotation_period=rotation_period,
         )
 
         jsii.create(self.__class__, self, [scope, id, props])
@@ -2431,6 +2441,7 @@ class KeyLookupOptions:
         "pending_window": "pendingWindow",
         "policy": "policy",
         "removal_policy": "removalPolicy",
+        "rotation_period": "rotationPeriod",
     },
 )
 class KeyProps:
@@ -2447,6 +2458,7 @@ class KeyProps:
         pending_window: typing.Optional[_Duration_4839e8c3] = None,
         policy: typing.Optional[_PolicyDocument_3ac34393] = None,
         removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
+        rotation_period: typing.Optional[_Duration_4839e8c3] = None,
     ) -> None:
         '''Construction properties for a KMS Key object.
 
@@ -2460,6 +2472,7 @@ class KeyProps:
         :param pending_window: Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack. When you remove a customer master key (CMK) from a CloudFormation stack, AWS KMS schedules the CMK for deletion and starts the mandatory waiting period. The PendingWindowInDays property determines the length of waiting period. During the waiting period, the key state of CMK is Pending Deletion, which prevents the CMK from being used in cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the CMK. Enter a value between 7 and 30 days. Default: - 30 days
         :param policy: Custom policy document to attach to the KMS key. NOTE - If the ``@aws-cdk/aws-kms:defaultKeyPolicies`` feature flag is set (the default for new projects), this policy will *override* the default key policy and become the only key policy for the key. If the feature flag is not set, this policy will be appended to the default key policy. Default: - A policy document with permissions for the account root to administer the key will be created.
         :param removal_policy: Whether the encryption key should be retained when it is removed from the Stack. This is useful when one wants to retain access to data that was encrypted with a key that is being retired. Default: RemovalPolicy.Retain
+        :param rotation_period: The period between each automatic rotation. Default: - set by CFN to 365 days.
 
         :exampleMetadata: infused
 
@@ -2498,6 +2511,7 @@ class KeyProps:
             check_type(argname="argument pending_window", value=pending_window, expected_type=type_hints["pending_window"])
             check_type(argname="argument policy", value=policy, expected_type=type_hints["policy"])
             check_type(argname="argument removal_policy", value=removal_policy, expected_type=type_hints["removal_policy"])
+            check_type(argname="argument rotation_period", value=rotation_period, expected_type=type_hints["rotation_period"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if admins is not None:
             self._values["admins"] = admins
@@ -2519,6 +2533,8 @@ class KeyProps:
             self._values["policy"] = policy
         if removal_policy is not None:
             self._values["removal_policy"] = removal_policy
+        if rotation_period is not None:
+            self._values["rotation_period"] = rotation_period
 
     @builtins.property
     def admins(self) -> typing.Optional[typing.List[_IPrincipal_539bb2fd]]:
@@ -2645,6 +2661,15 @@ class KeyProps:
         result = self._values.get("removal_policy")
         return typing.cast(typing.Optional[_RemovalPolicy_9f93c814], result)
 
+    @builtins.property
+    def rotation_period(self) -> typing.Optional[_Duration_4839e8c3]:
+        '''The period between each automatic rotation.
+
+        :default: - set by CFN to 365 days.
+        '''
+        result = self._values.get("rotation_period")
+        return typing.cast(typing.Optional[_Duration_4839e8c3], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -3468,6 +3493,7 @@ def _typecheckingstub__2cde9534bdfe7c19d6e24354f8a0de8ca349632d3f565addcaed7e86a
     pending_window: typing.Optional[_Duration_4839e8c3] = None,
     policy: typing.Optional[_PolicyDocument_3ac34393] = None,
     removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
+    rotation_period: typing.Optional[_Duration_4839e8c3] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -3570,6 +3596,7 @@ def _typecheckingstub__b3cbd21baa1113e5b2864ce6b440a0d87704642442943c3a554ab23ae
     pending_window: typing.Optional[_Duration_4839e8c3] = None,
     policy: typing.Optional[_PolicyDocument_3ac34393] = None,
     removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
+    rotation_period: typing.Optional[_Duration_4839e8c3] = None,
 ) -> None:
     """Type checking stubs"""
     pass

aws_cdk/aws_lambda/__init__.py

@@ -2917,15 +2917,6 @@ class CfnAlias(
         '''The CloudFormation resource type name for this resource class.'''
         return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
 
-    @builtins.property
-    @jsii.member(jsii_name="attrAliasArn")
-    def attr_alias_arn(self) -> builtins.str:
-        '''Lambda Alias ARN generated by the service.
-
-        :cloudformationAttribute: AliasArn
-        '''
-        return typing.cast(builtins.str, jsii.get(self, "attrAliasArn"))
-
     @builtins.property
     @jsii.member(jsii_name="attrId")
     def attr_id(self) -> builtins.str:

aws_cdk/aws_location/__init__.py

@@ -742,7 +742,7 @@ class CfnGeofenceCollection(
         :param description: An optional description for the geofence collection.
         :param kms_key_id: A key identifier for an `AWS KMS customer managed key <https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html>`_ . Enter a key ID, key ARN, alias name, or alias ARN.
         :param pricing_plan: 
-        :param pricing_plan_data_source: 
+        :param pricing_plan_data_source: (deprecated) This shape is deprecated since 2022-02-01: Deprecated. No longer allowed.
         :param tags: Applies one or more tags to the geofence collection. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them. Format: ``"key" : "value"`` Restrictions: - Maximum 50 tags per resource - Each resource tag must be unique with a maximum of one value. - Maximum key length: 128 Unicode characters in UTF-8 - Maximum value length: 256 Unicode characters in UTF-8 - Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : /
         '''
         if __debug__:
@@ -904,7 +904,8 @@ class CfnGeofenceCollection(
     @builtins.property
     @jsii.member(jsii_name="pricingPlanDataSource")
     def pricing_plan_data_source(self) -> typing.Optional[builtins.str]:
-        '''
+        '''(deprecated) This shape is deprecated since 2022-02-01: Deprecated.
+
         :deprecated: this property has been deprecated
 
         :stability: deprecated
@@ -961,7 +962,7 @@ class CfnGeofenceCollectionProps:
         :param description: An optional description for the geofence collection.
         :param kms_key_id: A key identifier for an `AWS KMS customer managed key <https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html>`_ . Enter a key ID, key ARN, alias name, or alias ARN.
         :param pricing_plan: 
-        :param pricing_plan_data_source: 
+        :param pricing_plan_data_source: (deprecated) This shape is deprecated since 2022-02-01: Deprecated. No longer allowed.
         :param tags: Applies one or more tags to the geofence collection. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them. Format: ``"key" : "value"`` Restrictions: - Maximum 50 tags per resource - Each resource tag must be unique with a maximum of one value. - Maximum key length: 128 Unicode characters in UTF-8 - Maximum value length: 256 Unicode characters in UTF-8 - Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : /
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-location-geofencecollection.html
@@ -1056,7 +1057,10 @@ class CfnGeofenceCollectionProps:
 
     @builtins.property
     def pricing_plan_data_source(self) -> typing.Optional[builtins.str]:
-        '''
+        '''(deprecated) This shape is deprecated since 2022-02-01: Deprecated.
+
+        No longer allowed.
+
         :deprecated: this property has been deprecated
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-location-geofencecollection.html#cfn-location-geofencecollection-pricingplandatasource