aws-cdk-lib 2.140.0__py3-none-any.whl → 2.142.0__py3-none-any.whl

aws_cdk/aws_iam/__init__.py

@@ -10723,16 +10723,21 @@ class RoleProps:
 
         Example::
 
-            # definition: sfn.IChainable
-            role = iam.Role(self, "Role",
-                assumed_by=iam.ServicePrincipal("lambda.amazonaws.com")
-            )
-            state_machine = sfn.StateMachine(self, "StateMachine",
-                definition_body=sfn.DefinitionBody.from_chainable(definition)
+            # Option 3: Create a new role that allows the account root principal to assume. Add this role in the `system:masters` and witch to this role from the AWS console.
+            # cluster: eks.Cluster
+            
+            
+            console_read_only_role = iam.Role(self, "ConsoleReadOnlyRole",
+                assumed_by=iam.ArnPrincipal("arn_for_trusted_principal")
             )
+            console_read_only_role.add_to_policy(iam.PolicyStatement(
+                actions=["eks:AccessKubernetesApi", "eks:Describe*", "eks:List*"
+                ],
+                resources=[cluster.cluster_arn]
+            ))
             
-            # Give role permission to get execution history of ALL executions for the state machine
-            state_machine.grant_execution(role, "states:GetExecutionHistory")
+            # Add this role to system:masters RBAC group
+            cluster.aws_auth.add_masters_role(console_read_only_role)
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__9c9223cb9fa6dff45ee4fd7013629ab18542c2499a83f542c5405968fad2287c)

aws_cdk/aws_ivs/__init__.py

@@ -1980,7 +1980,7 @@ class CfnRecordingConfiguration(
             :param recording_mode: Thumbnail recording mode. Valid values:. - ``DISABLED`` : Use DISABLED to disable the generation of thumbnails for recorded video. - ``INTERVAL`` : Use INTERVAL to enable the generation of thumbnails for recorded video at a time interval controlled by the `TargetIntervalSeconds <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-thumbnailconfiguration.html#cfn-ivs-recordingconfiguration-thumbnailconfiguration-targetintervalseconds>`_ property. *Default* : ``INTERVAL`` Default: - "INTERVAL"
             :param resolution: The desired resolution of recorded thumbnails for a stream. Thumbnails are recorded at the selected resolution if the corresponding rendition is available during the stream; otherwise, they are recorded at source resolution. For more information about resolution values and their corresponding height and width dimensions, see `Auto-Record to Amazon S3 <https://docs.aws.amazon.com//ivs/latest/LowLatencyUserGuide/record-to-s3.html>`_ .
             :param storage: The format in which thumbnails are recorded for a stream. ``SEQUENTIAL`` records all generated thumbnails in a serial manner, to the media/thumbnails directory. ``LATEST`` saves the latest thumbnail in media/thumbnails/latest/thumb.jpg and overwrites it at the interval specified by ``targetIntervalSeconds`` . You can enable both ``SEQUENTIAL`` and ``LATEST`` . Default: ``SEQUENTIAL`` .
-            :param target_interval_seconds: The targeted thumbnail-generation interval in seconds. This is configurable (and required) only if `RecordingMode <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-thumbnailconfiguration.html#cfn-ivs-recordingconfiguration-thumbnailconfiguration-recordingmode>`_ is ``INTERVAL`` . .. epigraph:: Setting a value for ``TargetIntervalSeconds`` does not guarantee that thumbnails are generated at the specified interval. For thumbnails to be generated at the ``TargetIntervalSeconds`` interval, the ``IDR/Keyframe`` value for the input video must be less than the ``TargetIntervalSeconds`` value. See `Amazon IVS Streaming Configuration <https://docs.aws.amazon.com/ivs/latest/LowLatencyUserGuide/streaming-config.html>`_ for information on setting ``IDR/Keyframe`` to the recommended value in video-encoder settings. *Default* : 60 *Valid Range* : Minumum value of 1. Maximum value of 60. Default: - 60
+            :param target_interval_seconds: The targeted thumbnail-generation interval in seconds. This is configurable (and required) only if `RecordingMode <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-thumbnailconfiguration.html#cfn-ivs-recordingconfiguration-thumbnailconfiguration-recordingmode>`_ is ``INTERVAL`` . .. epigraph:: Setting a value for ``TargetIntervalSeconds`` does not guarantee that thumbnails are generated at the specified interval. For thumbnails to be generated at the ``TargetIntervalSeconds`` interval, the ``IDR/Keyframe`` value for the input video must be less than the ``TargetIntervalSeconds`` value. See `Amazon IVS Streaming Configuration <https://docs.aws.amazon.com/ivs/latest/LowLatencyUserGuide/streaming-config.html>`_ for information on setting ``IDR/Keyframe`` to the recommended value in video-encoder settings. *Default* : 60 Default: - 60
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-thumbnailconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -2062,8 +2062,6 @@ class CfnRecordingConfiguration(
 
             *Default* : 60
 
-            *Valid Range* : Minumum value of 1. Maximum value of 60.
-
             :default: - 60
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-thumbnailconfiguration.html#cfn-ivs-recordingconfiguration-thumbnailconfiguration-targetintervalseconds

aws_cdk/aws_kms/__init__.py

@@ -737,7 +737,7 @@ class CfnKey(
         :param multi_region: Creates a multi-Region primary key that you can replicate in other AWS Regions . You can't change the ``MultiRegion`` value after the KMS key is created. For a list of AWS Regions in which multi-Region keys are supported, see `Multi-Region keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ in the ** . .. epigraph:: If you change the value of the ``MultiRegion`` property on an existing KMS key, the update request fails, regardless of the value of the ```UpdateReplacePolicy`` attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html>`_ . This prevents you from accidentally deleting a KMS key by changing an immutable property value. For a multi-Region key, set to this property to ``true`` . For a single-Region key, omit this property or set it to ``false`` . The default value is ``false`` . *Multi-Region keys* are an AWS KMS feature that lets you create multiple interoperable KMS keys in different AWS Regions . Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information, see `Multi-Region keys <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ in the *AWS Key Management Service Developer Guide* . You can create a symmetric encryption, HMAC, or asymmetric multi-Region KMS key, and you can create a multi-Region key with imported key material. However, you cannot create a multi-Region key in a custom key store. To create a replica of this primary key in a different AWS Region , create an `AWS::KMS::ReplicaKey <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html>`_ resource in a CloudFormation stack in the replica Region. Specify the key ARN of this primary key. Default: - false
         :param origin: The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The default is ``AWS_KMS`` , which means that AWS KMS creates the key material. To `create a KMS key with no key material <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html>`_ (for imported key material), set this value to ``EXTERNAL`` . For more information about importing key material into AWS KMS , see `Importing Key Material <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html>`_ in the *AWS Key Management Service Developer Guide* . You can ignore ``ENABLED`` when Origin is ``EXTERNAL`` . When a KMS key with Origin ``EXTERNAL`` is created, the key state is ``PENDING_IMPORT`` and ``ENABLED`` is ``false`` . After you import the key material, ``ENABLED`` updated to ``true`` . The KMS key can then be used for Cryptographic Operations. .. epigraph:: AWS CloudFormation doesn't support creating an ``Origin`` parameter of the ``AWS_CLOUDHSM`` or ``EXTERNAL_KEY_STORE`` values. Default: - "AWS_KMS"
         :param pending_window_in_days: Specifies the number of days in the waiting period before AWS KMS deletes a KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days. When you remove a KMS key from a CloudFormation stack, AWS KMS schedules the KMS key for deletion and starts the mandatory waiting period. The ``PendingWindowInDays`` property determines the length of waiting period. During the waiting period, the key state of KMS key is ``Pending Deletion`` or ``Pending Replica Deletion`` , which prevents the KMS key from being used in cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the KMS key. AWS KMS will not delete a `multi-Region primary key <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ that has replica keys. If you remove a multi-Region primary key from a CloudFormation stack, its key state changes to ``PendingReplicaDeletion`` so it cannot be replicated or used in cryptographic operations. This state can persist indefinitely. When the last of its replica keys is deleted, the key state of the primary key changes to ``PendingDeletion`` and the waiting period specified by ``PendingWindowInDays`` begins. When this waiting period expires, AWS KMS deletes the primary key. For details, see `Deleting multi-Region keys <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html>`_ in the *AWS Key Management Service Developer Guide* . You cannot use a CloudFormation template to cancel deletion of the KMS key after you remove it from the stack, regardless of the waiting period. If you specify a KMS key in your template, even one with the same name, CloudFormation creates a new KMS key. To cancel deletion of a KMS key, use the AWS KMS console or the `CancelKeyDeletion <https://docs.aws.amazon.com/kms/latest/APIReference/API_CancelKeyDeletion.html>`_ operation. For information about the ``Pending Deletion`` and ``Pending Replica Deletion`` key states, see `Key state: Effect on your KMS key <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html>`_ in the *AWS Key Management Service Developer Guide* . For more information about deleting KMS keys, see the `ScheduleKeyDeletion <https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html>`_ operation in the *AWS Key Management Service API Reference* and `Deleting KMS keys <https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html>`_ in the *AWS Key Management Service Developer Guide* .
-        :param rotation_period_in_days: The number of days between each automatic rotation. The default value is 365 days. Default: - 365
+        :param rotation_period_in_days: Specifies a custom period of time between each rotation date. If no value is specified, the default value is 365 days. The rotation period defines the number of days after you enable automatic key rotation that AWS KMS will rotate your key material, and the number of days between each automatic rotation thereafter. You can use the ```kms:RotationPeriodInDays`` <https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days>`_ condition key to further constrain the values that principals can specify in the ``RotationPeriodInDays`` parameter. For more information about rotating KMS keys and automatic rotation, see `Rotating keys <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html>`_ in the *AWS Key Management Service Developer Guide* . Default: - 365
         :param tags: Assigns one or more tags to the replica key. .. epigraph:: Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see `ABAC for AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html>`_ in the *AWS Key Management Service Developer Guide* . For information about tags in AWS KMS , see `Tagging keys <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html>`_ in the *AWS Key Management Service Developer Guide* . For information about tags in CloudFormation, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
         '''
         if __debug__:
@@ -983,7 +983,7 @@ class CfnKey(
     @builtins.property
     @jsii.member(jsii_name="rotationPeriodInDays")
     def rotation_period_in_days(self) -> typing.Optional[jsii.Number]:
-        '''The number of days between each automatic rotation.'''
+        '''Specifies a custom period of time between each rotation date.'''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "rotationPeriodInDays"))
 
     @rotation_period_in_days.setter
@@ -1054,7 +1054,7 @@ class CfnKeyProps:
         :param multi_region: Creates a multi-Region primary key that you can replicate in other AWS Regions . You can't change the ``MultiRegion`` value after the KMS key is created. For a list of AWS Regions in which multi-Region keys are supported, see `Multi-Region keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ in the ** . .. epigraph:: If you change the value of the ``MultiRegion`` property on an existing KMS key, the update request fails, regardless of the value of the ```UpdateReplacePolicy`` attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html>`_ . This prevents you from accidentally deleting a KMS key by changing an immutable property value. For a multi-Region key, set to this property to ``true`` . For a single-Region key, omit this property or set it to ``false`` . The default value is ``false`` . *Multi-Region keys* are an AWS KMS feature that lets you create multiple interoperable KMS keys in different AWS Regions . Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information, see `Multi-Region keys <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ in the *AWS Key Management Service Developer Guide* . You can create a symmetric encryption, HMAC, or asymmetric multi-Region KMS key, and you can create a multi-Region key with imported key material. However, you cannot create a multi-Region key in a custom key store. To create a replica of this primary key in a different AWS Region , create an `AWS::KMS::ReplicaKey <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html>`_ resource in a CloudFormation stack in the replica Region. Specify the key ARN of this primary key. Default: - false
         :param origin: The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The default is ``AWS_KMS`` , which means that AWS KMS creates the key material. To `create a KMS key with no key material <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html>`_ (for imported key material), set this value to ``EXTERNAL`` . For more information about importing key material into AWS KMS , see `Importing Key Material <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html>`_ in the *AWS Key Management Service Developer Guide* . You can ignore ``ENABLED`` when Origin is ``EXTERNAL`` . When a KMS key with Origin ``EXTERNAL`` is created, the key state is ``PENDING_IMPORT`` and ``ENABLED`` is ``false`` . After you import the key material, ``ENABLED`` updated to ``true`` . The KMS key can then be used for Cryptographic Operations. .. epigraph:: AWS CloudFormation doesn't support creating an ``Origin`` parameter of the ``AWS_CLOUDHSM`` or ``EXTERNAL_KEY_STORE`` values. Default: - "AWS_KMS"
         :param pending_window_in_days: Specifies the number of days in the waiting period before AWS KMS deletes a KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days. When you remove a KMS key from a CloudFormation stack, AWS KMS schedules the KMS key for deletion and starts the mandatory waiting period. The ``PendingWindowInDays`` property determines the length of waiting period. During the waiting period, the key state of KMS key is ``Pending Deletion`` or ``Pending Replica Deletion`` , which prevents the KMS key from being used in cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the KMS key. AWS KMS will not delete a `multi-Region primary key <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ that has replica keys. If you remove a multi-Region primary key from a CloudFormation stack, its key state changes to ``PendingReplicaDeletion`` so it cannot be replicated or used in cryptographic operations. This state can persist indefinitely. When the last of its replica keys is deleted, the key state of the primary key changes to ``PendingDeletion`` and the waiting period specified by ``PendingWindowInDays`` begins. When this waiting period expires, AWS KMS deletes the primary key. For details, see `Deleting multi-Region keys <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html>`_ in the *AWS Key Management Service Developer Guide* . You cannot use a CloudFormation template to cancel deletion of the KMS key after you remove it from the stack, regardless of the waiting period. If you specify a KMS key in your template, even one with the same name, CloudFormation creates a new KMS key. To cancel deletion of a KMS key, use the AWS KMS console or the `CancelKeyDeletion <https://docs.aws.amazon.com/kms/latest/APIReference/API_CancelKeyDeletion.html>`_ operation. For information about the ``Pending Deletion`` and ``Pending Replica Deletion`` key states, see `Key state: Effect on your KMS key <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html>`_ in the *AWS Key Management Service Developer Guide* . For more information about deleting KMS keys, see the `ScheduleKeyDeletion <https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html>`_ operation in the *AWS Key Management Service API Reference* and `Deleting KMS keys <https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html>`_ in the *AWS Key Management Service Developer Guide* .
-        :param rotation_period_in_days: The number of days between each automatic rotation. The default value is 365 days. Default: - 365
+        :param rotation_period_in_days: Specifies a custom period of time between each rotation date. If no value is specified, the default value is 365 days. The rotation period defines the number of days after you enable automatic key rotation that AWS KMS will rotate your key material, and the number of days between each automatic rotation thereafter. You can use the ```kms:RotationPeriodInDays`` <https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days>`_ condition key to further constrain the values that principals can specify in the ``RotationPeriodInDays`` parameter. For more information about rotating KMS keys and automatic rotation, see `Rotating keys <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html>`_ in the *AWS Key Management Service Developer Guide* . Default: - 365
         :param tags: Assigns one or more tags to the replica key. .. epigraph:: Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see `ABAC for AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html>`_ in the *AWS Key Management Service Developer Guide* . For information about tags in AWS KMS , see `Tagging keys <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html>`_ in the *AWS Key Management Service Developer Guide* . For information about tags in CloudFormation, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html
@@ -1352,9 +1352,15 @@ class CfnKeyProps:
 
     @builtins.property
     def rotation_period_in_days(self) -> typing.Optional[jsii.Number]:
-        '''The number of days between each automatic rotation.
+        '''Specifies a custom period of time between each rotation date.
 
-        The default value is 365 days.
+        If no value is specified, the default value is 365 days.
+
+        The rotation period defines the number of days after you enable automatic key rotation that AWS KMS will rotate your key material, and the number of days between each automatic rotation thereafter.
+
+        You can use the ```kms:RotationPeriodInDays`` <https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days>`_ condition key to further constrain the values that principals can specify in the ``RotationPeriodInDays`` parameter.
+
+        For more information about rotating KMS keys and automatic rotation, see `Rotating keys <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html>`_ in the *AWS Key Management Service Developer Guide* .
 
         :default: - 365
 

aws_cdk/aws_lambda_nodejs/__init__.py

@@ -157,6 +157,9 @@ environment.
 When passing a runtime that is known to include a version of the aws sdk, it will be excluded by default. For example, when
 passing `NODEJS_16_X`, `aws-sdk` is excluded. When passing `NODEJS_18_X`,  all `@aws-sdk/*` packages are excluded.
 
+> [!WARNING]
+> The NodeJS runtime of Node 16 will be deprecated by Lambda on June 12, 2024. Lambda runtimes Node 18 and higher include SDKv3 and not SDKv2. Updating your Lambda runtime from <=Node 16 to any newer version will require bundling the SDK with your handler code, or updating all SDK calls in your handler code to use SDKv3 (which is not a trivial update). Please account for this added complexity and update as soon as possible.
+
 This can be configured by specifying `bundling.externalModules`:
 
 ```python

aws_cdk/aws_location/__init__.py

@@ -742,7 +742,7 @@ class CfnGeofenceCollection(
         :param description: An optional description for the geofence collection.
         :param kms_key_id: A key identifier for an `AWS KMS customer managed key <https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html>`_ . Enter a key ID, key ARN, alias name, or alias ARN.
         :param pricing_plan: 
-        :param pricing_plan_data_source: 
+        :param pricing_plan_data_source: (deprecated) This shape is deprecated since 2022-02-01: Deprecated. No longer allowed.
         :param tags: Applies one or more tags to the geofence collection. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them. Format: ``"key" : "value"`` Restrictions: - Maximum 50 tags per resource - Each resource tag must be unique with a maximum of one value. - Maximum key length: 128 Unicode characters in UTF-8 - Maximum value length: 256 Unicode characters in UTF-8 - Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : /
         '''
         if __debug__:
@@ -904,7 +904,8 @@ class CfnGeofenceCollection(
     @builtins.property
     @jsii.member(jsii_name="pricingPlanDataSource")
     def pricing_plan_data_source(self) -> typing.Optional[builtins.str]:
-        '''
+        '''(deprecated) This shape is deprecated since 2022-02-01: Deprecated.
+
         :deprecated: this property has been deprecated
 
         :stability: deprecated
@@ -961,7 +962,7 @@ class CfnGeofenceCollectionProps:
         :param description: An optional description for the geofence collection.
         :param kms_key_id: A key identifier for an `AWS KMS customer managed key <https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html>`_ . Enter a key ID, key ARN, alias name, or alias ARN.
         :param pricing_plan: 
-        :param pricing_plan_data_source: 
+        :param pricing_plan_data_source: (deprecated) This shape is deprecated since 2022-02-01: Deprecated. No longer allowed.
         :param tags: Applies one or more tags to the geofence collection. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them. Format: ``"key" : "value"`` Restrictions: - Maximum 50 tags per resource - Each resource tag must be unique with a maximum of one value. - Maximum key length: 128 Unicode characters in UTF-8 - Maximum value length: 256 Unicode characters in UTF-8 - Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : /
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-location-geofencecollection.html
@@ -1056,7 +1057,10 @@ class CfnGeofenceCollectionProps:
 
     @builtins.property
     def pricing_plan_data_source(self) -> typing.Optional[builtins.str]:
-        '''
+        '''(deprecated) This shape is deprecated since 2022-02-01: Deprecated.
+
+        No longer allowed.
+
         :deprecated: this property has been deprecated
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-location-geofencecollection.html#cfn-location-geofencecollection-pricingplandatasource

aws_cdk/aws_logs/__init__.py

@@ -69,7 +69,7 @@ log_group = logs.LogGroup(self, "LogGroup")
 log_group.grant_write(iam.ServicePrincipal("es.amazonaws.com"))
 ```
 
-Similarily, read permissions can be granted to the log group as follows.
+Similarly, read permissions can be granted to the log group as follows.
 
 ```python
 log_group = logs.LogGroup(self, "LogGroup")
@@ -6018,7 +6018,7 @@ class LogGroup(
         :param scope: -
         :param id: -
         :param data_protection_policy: Data Protection Policy for this log group. Default: - no data protection policy
-        :param encryption_key: The KMS customer managed key to encrypt the log group with. Default: Server-side encrpytion managed by the CloudWatch Logs service
+        :param encryption_key: The KMS customer managed key to encrypt the log group with. Default: Server-side encryption managed by the CloudWatch Logs service
         :param log_group_class: The class of the log group. Possible values are: STANDARD and INFREQUENT_ACCESS. INFREQUENT_ACCESS class provides customers a cost-effective way to consolidate logs which supports querying using Logs Insights. The logGroupClass property cannot be changed once the log group is created. Default: LogGroupClass.STANDARD
         :param log_group_name: Name of the log group. Default: Automatically generated
         :param removal_policy: Determine the removal policy of this log group. Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs. Default: RemovalPolicy.Retain
@@ -6312,7 +6312,7 @@ class LogGroupProps:
         '''Properties for a LogGroup.
 
         :param data_protection_policy: Data Protection Policy for this log group. Default: - no data protection policy
-        :param encryption_key: The KMS customer managed key to encrypt the log group with. Default: Server-side encrpytion managed by the CloudWatch Logs service
+        :param encryption_key: The KMS customer managed key to encrypt the log group with. Default: Server-side encryption managed by the CloudWatch Logs service
         :param log_group_class: The class of the log group. Possible values are: STANDARD and INFREQUENT_ACCESS. INFREQUENT_ACCESS class provides customers a cost-effective way to consolidate logs which supports querying using Logs Insights. The logGroupClass property cannot be changed once the log group is created. Default: LogGroupClass.STANDARD
         :param log_group_name: Name of the log group. Default: Automatically generated
         :param removal_policy: Determine the removal policy of this log group. Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs. Default: RemovalPolicy.Retain
@@ -6386,7 +6386,7 @@ class LogGroupProps:
     def encryption_key(self) -> typing.Optional[_IKey_5f11635f]:
         '''The KMS customer managed key to encrypt the log group with.
 
-        :default: Server-side encrpytion managed by the CloudWatch Logs service
+        :default: Server-side encryption managed by the CloudWatch Logs service
         '''
         result = self._values.get("encryption_key")
         return typing.cast(typing.Optional[_IKey_5f11635f], result)
@@ -8701,7 +8701,7 @@ class CustomDataIdentifier(
         '''Create a custom data identifier.
 
         :param name: - the name of the custom data identifier. This cannot share the same name as a managed data identifier.
-        :param regex: - the regular expresssion to detect and mask log events for.
+        :param regex: - the regular expression to detect and mask log events for.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__8962f986463b4e81629495838f26c8990feeca56061597cb66e94771b4cfb79d)
@@ -8729,7 +8729,7 @@ class CustomDataIdentifier(
     @builtins.property
     @jsii.member(jsii_name="regex")
     def regex(self) -> builtins.str:
-        '''- the regular expresssion to detect and mask log events for.'''
+        '''- the regular expression to detect and mask log events for.'''
         return typing.cast(builtins.str, jsii.get(self, "regex"))
 
 

aws_cdk/aws_oam/__init__.py

@@ -116,7 +116,7 @@ class CfnLink(
         :param resource_types: An array of strings that define which types of data that the source account shares with the monitoring account. Valid values are ``AWS::CloudWatch::Metric | AWS::Logs::LogGroup | AWS::XRay::Trace | AWS::ApplicationInsights::Application | AWS::InternetMonitor::Monitor`` .
         :param sink_identifier: The ARN of the sink in the monitoring account that you want to link to. You can use `ListSinks <https://docs.aws.amazon.com/OAM/latest/APIReference/API_ListSinks.html>`_ to find the ARNs of sinks.
         :param label_template: Specify a friendly human-readable name to use to identify this source account when you are viewing data from it in the monitoring account. You can include the following variables in your template: - ``$AccountName`` is the name of the account - ``$AccountEmail`` is a globally-unique email address, which includes the email domain, such as ``mariagarcia@example.com`` - ``$AccountEmailNoDomain`` is an email address without the domain name, such as ``mariagarcia``
-        :param link_configuration: 
+        :param link_configuration: Use this structure to optionally create filters that specify that only some metric namespaces or log groups are to be shared from the source account to the monitoring account.
         :param tags: An array of key-value pairs to apply to the link. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
         '''
         if __debug__:
@@ -240,6 +240,7 @@ class CfnLink(
     def link_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLink.LinkConfigurationProperty"]]:
+        '''Use this structure to optionally create filters that specify that only some metric namespaces or log groups are to be shared from the source account to the monitoring account.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLink.LinkConfigurationProperty"]], jsii.get(self, "linkConfiguration"))
 
     @link_configuration.setter
@@ -283,9 +284,10 @@ class CfnLink(
             log_group_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnLink.LinkFilterProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             metric_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnLink.LinkFilterProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         ) -> None:
-            '''
-            :param log_group_configuration: 
-            :param metric_configuration: 
+            '''Use this structure to optionally create filters that specify that only some metric namespaces or log groups are to be shared from the source account to the monitoring account.
+
+            :param log_group_configuration: Use this structure to filter which log groups are to share log events from this source account to the monitoring account.
+            :param metric_configuration: Use this structure to filter which metric namespaces are to be shared from the source account to the monitoring account.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-oam-link-linkconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -319,7 +321,8 @@ class CfnLink(
         def log_group_configuration(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLink.LinkFilterProperty"]]:
-            '''
+            '''Use this structure to filter which log groups are to share log events from this source account to the monitoring account.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-oam-link-linkconfiguration.html#cfn-oam-link-linkconfiguration-loggroupconfiguration
             '''
             result = self._values.get("log_group_configuration")
@@ -329,7 +332,8 @@ class CfnLink(
         def metric_configuration(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLink.LinkFilterProperty"]]:
-            '''
+            '''Use this structure to filter which metric namespaces are to be shared from the source account to the monitoring account.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-oam-link-linkconfiguration.html#cfn-oam-link-linkconfiguration-metricconfiguration
             '''
             result = self._values.get("metric_configuration")
@@ -353,8 +357,11 @@ class CfnLink(
     )
     class LinkFilterProperty:
         def __init__(self, *, filter: builtins.str) -> None:
-            '''
-            :param filter: 
+            '''When used in ``MetricConfiguration`` this field specifies which metric namespaces are to be shared with the monitoring account.
+
+            When used in ``LogGroupConfiguration`` this field specifies which log groups are to share their log events with the monitoring account. Use the term ``LogGroupName`` and one or more of the following operands.
+
+            :param filter: When used in ``MetricConfiguration`` this field specifies which metric namespaces are to be shared with the monitoring account. When used in ``LogGroupConfiguration`` this field specifies which log groups are to share their log events with the monitoring account. Use the term ``LogGroupName`` and one or more of the following operands. Use single quotation marks (') around log group names and metric namespaces. The matching of log group names and metric namespaces is case sensitive. Each filter has a limit of five conditional operands. Conditional operands are ``AND`` and ``OR`` . - ``=`` and ``!=`` - ``AND`` - ``OR`` - ``LIKE`` and ``NOT LIKE`` . These can be used only as prefix searches. Include a ``%`` at the end of the string that you want to search for and include. - ``IN`` and ``NOT IN`` , using parentheses ``( )`` Examples: - ``Namespace NOT LIKE 'AWS/%'`` includes only namespaces that don't start with ``AWS/`` , such as custom namespaces. - ``Namespace IN ('AWS/EC2', 'AWS/ELB', 'AWS/S3')`` includes only the metrics in the EC2, Elastic Load Balancing , and Amazon S3 namespaces. - ``Namespace = 'AWS/EC2' OR Namespace NOT LIKE 'AWS/%'`` includes only the EC2 namespace and your custom namespaces. - ``LogGroupName IN ('This-Log-Group', 'Other-Log-Group')`` includes only the log groups with names ``This-Log-Group`` and ``Other-Log-Group`` . - ``LogGroupName NOT IN ('Private-Log-Group', 'Private-Log-Group-2')`` includes all log groups except the log groups with names ``Private-Log-Group`` and ``Private-Log-Group-2`` . - ``LogGroupName LIKE 'aws/lambda/%' OR LogGroupName LIKE 'AWSLogs%'`` includes all log groups that have names that start with ``aws/lambda/`` or ``AWSLogs`` . .. epigraph:: If you are updating a link that uses filters, you can specify ``*`` as the only value for the ``filter`` parameter to delete the filter and share all log groups with the monitoring account.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-oam-link-linkfilter.html
             :exampleMetadata: fixture=_generated
@@ -378,7 +385,33 @@ class CfnLink(
 
         @builtins.property
         def filter(self) -> builtins.str:
-            '''
+            '''When used in ``MetricConfiguration`` this field specifies which metric namespaces are to be shared with the monitoring account.
+
+            When used in ``LogGroupConfiguration`` this field specifies which log groups are to share their log events with the monitoring account. Use the term ``LogGroupName`` and one or more of the following operands.
+
+            Use single quotation marks (') around log group names and metric namespaces.
+
+            The matching of log group names and metric namespaces is case sensitive. Each filter has a limit of five conditional operands. Conditional operands are ``AND`` and ``OR`` .
+
+            - ``=`` and ``!=``
+            - ``AND``
+            - ``OR``
+            - ``LIKE`` and ``NOT LIKE`` . These can be used only as prefix searches. Include a ``%`` at the end of the string that you want to search for and include.
+            - ``IN`` and ``NOT IN`` , using parentheses ``( )``
+
+            Examples:
+
+            - ``Namespace NOT LIKE 'AWS/%'`` includes only namespaces that don't start with ``AWS/`` , such as custom namespaces.
+            - ``Namespace IN ('AWS/EC2', 'AWS/ELB', 'AWS/S3')`` includes only the metrics in the EC2, Elastic Load Balancing , and Amazon S3 namespaces.
+            - ``Namespace = 'AWS/EC2' OR Namespace NOT LIKE 'AWS/%'`` includes only the EC2 namespace and your custom namespaces.
+            - ``LogGroupName IN ('This-Log-Group', 'Other-Log-Group')`` includes only the log groups with names ``This-Log-Group`` and ``Other-Log-Group`` .
+            - ``LogGroupName NOT IN ('Private-Log-Group', 'Private-Log-Group-2')`` includes all log groups except the log groups with names ``Private-Log-Group`` and ``Private-Log-Group-2`` .
+            - ``LogGroupName LIKE 'aws/lambda/%' OR LogGroupName LIKE 'AWSLogs%'`` includes all log groups that have names that start with ``aws/lambda/`` or ``AWSLogs`` .
+
+            .. epigraph::
+
+               If you are updating a link that uses filters, you can specify ``*`` as the only value for the ``filter`` parameter to delete the filter and share all log groups with the monitoring account.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-oam-link-linkfilter.html#cfn-oam-link-linkfilter-filter
             '''
             result = self._values.get("filter")
@@ -423,7 +456,7 @@ class CfnLinkProps:
         :param resource_types: An array of strings that define which types of data that the source account shares with the monitoring account. Valid values are ``AWS::CloudWatch::Metric | AWS::Logs::LogGroup | AWS::XRay::Trace | AWS::ApplicationInsights::Application | AWS::InternetMonitor::Monitor`` .
         :param sink_identifier: The ARN of the sink in the monitoring account that you want to link to. You can use `ListSinks <https://docs.aws.amazon.com/OAM/latest/APIReference/API_ListSinks.html>`_ to find the ARNs of sinks.
         :param label_template: Specify a friendly human-readable name to use to identify this source account when you are viewing data from it in the monitoring account. You can include the following variables in your template: - ``$AccountName`` is the name of the account - ``$AccountEmail`` is a globally-unique email address, which includes the email domain, such as ``mariagarcia@example.com`` - ``$AccountEmailNoDomain`` is an email address without the domain name, such as ``mariagarcia``
-        :param link_configuration: 
+        :param link_configuration: Use this structure to optionally create filters that specify that only some metric namespaces or log groups are to be shared from the source account to the monitoring account.
         :param tags: An array of key-value pairs to apply to the link. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-oam-link.html
@@ -515,7 +548,8 @@ class CfnLinkProps:
     def link_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnLink.LinkConfigurationProperty]]:
-        '''
+        '''Use this structure to optionally create filters that specify that only some metric namespaces or log groups are to be shared from the source account to the monitoring account.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-oam-link.html#cfn-oam-link-linkconfiguration
         '''
         result = self._values.get("link_configuration")

aws_cdk/aws_omics/__init__.py

@@ -2565,7 +2565,7 @@ class CfnWorkflow(
         :param main: The path of the main definition file for the workflow.
         :param name: The workflow's name.
         :param parameter_template: The workflow's parameter template.
-        :param storage_capacity: A storage capacity for the workflow in gibibytes.
+        :param storage_capacity: The default storage capacity for the workflow runs, in gibibytes.
         :param tags: Tags for the workflow.
         '''
         if __debug__:
@@ -2770,7 +2770,7 @@ class CfnWorkflow(
     @builtins.property
     @jsii.member(jsii_name="storageCapacity")
     def storage_capacity(self) -> typing.Optional[jsii.Number]:
-        '''A storage capacity for the workflow in gibibytes.'''
+        '''The default storage capacity for the workflow runs, in gibibytes.'''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "storageCapacity"))
 
     @storage_capacity.setter
@@ -2907,7 +2907,7 @@ class CfnWorkflowProps:
         :param main: The path of the main definition file for the workflow.
         :param name: The workflow's name.
         :param parameter_template: The workflow's parameter template.
-        :param storage_capacity: A storage capacity for the workflow in gibibytes.
+        :param storage_capacity: The default storage capacity for the workflow runs, in gibibytes.
         :param tags: Tags for the workflow.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-omics-workflow.html
@@ -3035,7 +3035,7 @@ class CfnWorkflowProps:
 
     @builtins.property
     def storage_capacity(self) -> typing.Optional[jsii.Number]:
-        '''A storage capacity for the workflow in gibibytes.
+        '''The default storage capacity for the workflow runs, in gibibytes.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-omics-workflow.html#cfn-omics-workflow-storagecapacity
         '''