aws-cdk-lib 2.142.1__py3-none-any.whl → 2.143.1__py3-none-any.whl

aws_cdk/aws_rds/__init__.py

@@ -431,7 +431,7 @@ Example for max storage configuration:
 # vpc: ec2.Vpc
 
 instance = rds.DatabaseInstance(self, "Instance",
-    engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2),
+    engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3),
     # optional, defaults to m5.large
     instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL),
     vpc=vpc,
@@ -445,7 +445,7 @@ To use dual-stack mode, specify `NetworkType.DUAL` on the `networkType` property
 # vpc: ec2.Vpc
 # VPC and subnets must have IPv6 CIDR blocks
 instance = rds.DatabaseInstance(self, "Instance",
-    engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2),
+    engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3),
     vpc=vpc,
     network_type=rds.NetworkType.DUAL,
     publicly_accessible=False
@@ -464,7 +464,7 @@ a source database respectively:
 
 rds.DatabaseInstanceFromSnapshot(self, "Instance",
     snapshot_identifier="my-snapshot",
-    engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2),
+    engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3),
     # optional, defaults to m5.large
     instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.LARGE),
     vpc=vpc
@@ -775,7 +775,7 @@ The following examples use a `DatabaseInstance`, but the same usage is applicabl
 ```python
 # vpc: ec2.Vpc
 
-engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2)
+engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3)
 rds.DatabaseInstance(self, "InstanceWithUsername",
     engine=engine,
     vpc=vpc,
@@ -801,7 +801,7 @@ Secrets generated by `fromGeneratedSecret()` can be customized:
 ```python
 # vpc: ec2.Vpc
 
-engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2)
+engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3)
 my_key = kms.Key(self, "MyKey")
 
 rds.DatabaseInstance(self, "InstanceWithCustomizedSecret",
@@ -823,7 +823,7 @@ As noted above, Databases created with `DatabaseInstanceFromSnapshot` or `Server
 ```python
 # vpc: ec2.Vpc
 
-engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2)
+engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3)
 my_key = kms.Key(self, "MyKey")
 
 rds.DatabaseInstanceFromSnapshot(self, "InstanceFromSnapshotWithCustomizedSecret",
@@ -1238,7 +1238,7 @@ audit_log_group = cluster.cloudwatch_log_groups.audit
 # Exporting logs from an instance
 instance = rds.DatabaseInstance(self, "Instance",
     engine=rds.DatabaseInstanceEngine.postgres(
-        version=rds.PostgresEngineVersion.VER_15_2
+        version=rds.PostgresEngineVersion.VER_16_3
     ),
     vpc=vpc,
     cloudwatch_logs_exports=["postgresql"],  # Export the PostgreSQL logs
@@ -2148,7 +2148,12 @@ class AuroraMysqlEngineVersion(
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_2_07_10")
     def VER_2_07_10(cls) -> "AuroraMysqlEngineVersion":
-        '''Version "5.7.mysql_aurora.2.07.10".'''
+        '''(deprecated) Version "5.7.mysql_aurora.2.07.10".
+
+        :deprecated: Version 5.7.mysql_aurora.2.07.10 is no longer supported by Amazon RDS.
+
+        :stability: deprecated
+        '''
         return typing.cast("AuroraMysqlEngineVersion", jsii.sget(cls, "VER_2_07_10"))
 
     @jsii.python.classproperty
@@ -2231,7 +2236,12 @@ class AuroraMysqlEngineVersion(
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_2_07_9")
     def VER_2_07_9(cls) -> "AuroraMysqlEngineVersion":
-        '''Version "5.7.mysql_aurora.2.07.9".'''
+        '''(deprecated) Version "5.7.mysql_aurora.2.07.9".
+
+        :deprecated: Version 5.7.mysql_aurora.2.07.9 is no longer supported by Amazon RDS.
+
+        :stability: deprecated
+        '''
         return typing.cast("AuroraMysqlEngineVersion", jsii.sget(cls, "VER_2_07_9"))
 
     @jsii.python.classproperty
@@ -2433,37 +2443,67 @@ class AuroraMysqlEngineVersion(
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_3_01_0")
     def VER_3_01_0(cls) -> "AuroraMysqlEngineVersion":
-        '''Version "8.0.mysql_aurora.3.01.0".'''
+        '''(deprecated) Version "8.0.mysql_aurora.3.01.0".
+
+        :deprecated: Aurora MySQL 8.0.mysql_aurora.3.01.0 is no longer supported by Amazon RDS.
+
+        :stability: deprecated
+        '''
         return typing.cast("AuroraMysqlEngineVersion", jsii.sget(cls, "VER_3_01_0"))
 
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_3_01_1")
     def VER_3_01_1(cls) -> "AuroraMysqlEngineVersion":
-        '''Version "8.0.mysql_aurora.3.01.1".'''
+        '''(deprecated) Version "8.0.mysql_aurora.3.01.1".
+
+        :deprecated: Aurora MySQL 8.0.mysql_aurora.3.01.1 is no longer supported by Amazon RDS.
+
+        :stability: deprecated
+        '''
         return typing.cast("AuroraMysqlEngineVersion", jsii.sget(cls, "VER_3_01_1"))
 
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_3_02_0")
     def VER_3_02_0(cls) -> "AuroraMysqlEngineVersion":
-        '''Version "8.0.mysql_aurora.3.02.0".'''
+        '''(deprecated) Version "8.0.mysql_aurora.3.02.0".
+
+        :deprecated: Aurora MySQL 8.0.mysql_aurora.3.02.0 is no longer supported by Amazon RDS.
+
+        :stability: deprecated
+        '''
         return typing.cast("AuroraMysqlEngineVersion", jsii.sget(cls, "VER_3_02_0"))
 
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_3_02_1")
     def VER_3_02_1(cls) -> "AuroraMysqlEngineVersion":
-        '''Version "8.0.mysql_aurora.3.02.1".'''
+        '''(deprecated) Version "8.0.mysql_aurora.3.02.1".
+
+        :deprecated: Aurora MySQL 8.0.mysql_aurora.3.02.1 is no longer supported by Amazon RDS.
+
+        :stability: deprecated
+        '''
         return typing.cast("AuroraMysqlEngineVersion", jsii.sget(cls, "VER_3_02_1"))
 
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_3_02_2")
     def VER_3_02_2(cls) -> "AuroraMysqlEngineVersion":
-        '''Version "8.0.mysql_aurora.3.02.2".'''
+        '''(deprecated) Version "8.0.mysql_aurora.3.02.2".
+
+        :deprecated: Aurora MySQL 8.0.mysql_aurora.3.02.2 is no longer supported by Amazon RDS.
+
+        :stability: deprecated
+        '''
         return typing.cast("AuroraMysqlEngineVersion", jsii.sget(cls, "VER_3_02_2"))
 
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_3_02_3")
     def VER_3_02_3(cls) -> "AuroraMysqlEngineVersion":
-        '''Version "8.0.mysql_aurora.3.02.3".'''
+        '''(deprecated) Version "8.0.mysql_aurora.3.02.3".
+
+        :deprecated: Aurora MySQL 8.0.mysql_aurora.3.02.3 is no longer supported by Amazon RDS.
+
+        :stability: deprecated
+        '''
         return typing.cast("AuroraMysqlEngineVersion", jsii.sget(cls, "VER_3_02_3"))
 
     @jsii.python.classproperty
@@ -3215,6 +3255,12 @@ class AuroraPostgresEngineVersion(
         '''Version "12.17".'''
         return typing.cast("AuroraPostgresEngineVersion", jsii.sget(cls, "VER_12_17"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_12_18")
+    def VER_12_18(cls) -> "AuroraPostgresEngineVersion":
+        '''Version "12.18".'''
+        return typing.cast("AuroraPostgresEngineVersion", jsii.sget(cls, "VER_12_18"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_12_4")
     def VER_12_4(cls) -> "AuroraPostgresEngineVersion":
@@ -3289,6 +3335,12 @@ class AuroraPostgresEngineVersion(
         '''Version "13.13".'''
         return typing.cast("AuroraPostgresEngineVersion", jsii.sget(cls, "VER_13_13"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_13_14")
+    def VER_13_14(cls) -> "AuroraPostgresEngineVersion":
+        '''Version "13.14".'''
+        return typing.cast("AuroraPostgresEngineVersion", jsii.sget(cls, "VER_13_14"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_13_3")
     def VER_13_3(cls) -> "AuroraPostgresEngineVersion":
@@ -3357,6 +3409,12 @@ class AuroraPostgresEngineVersion(
         '''Version "14.10".'''
         return typing.cast("AuroraPostgresEngineVersion", jsii.sget(cls, "VER_14_10"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_14_11")
+    def VER_14_11(cls) -> "AuroraPostgresEngineVersion":
+        '''Version "14.11".'''
+        return typing.cast("AuroraPostgresEngineVersion", jsii.sget(cls, "VER_14_11"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_14_3")
     def VER_14_3(cls) -> "AuroraPostgresEngineVersion":
@@ -18702,7 +18760,7 @@ class CredentialsBaseOptions:
 
             # vpc: ec2.Vpc
             
-            engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2)
+            engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3)
             my_key = kms.Key(self, "MyKey")
             
             rds.DatabaseInstance(self, "InstanceWithCustomizedSecret",
@@ -22238,7 +22296,7 @@ class DatabaseInstanceReadReplicaProps(DatabaseInstanceNewProps):
             
             rds.DatabaseInstanceFromSnapshot(self, "Instance",
                 snapshot_identifier="my-snapshot",
-                engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2),
+                engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3),
                 # optional, defaults to m5.large
                 instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.LARGE),
                 vpc=vpc
@@ -32261,7 +32319,7 @@ class PostgresEngineVersion(
 
         # vpc: ec2.Vpc
         
-        engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2)
+        engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3)
         my_key = kms.Key(self, "MyKey")
         
         rds.DatabaseInstance(self, "InstanceWithCustomizedSecret",
@@ -33181,6 +33239,12 @@ class PostgresEngineVersion(
         '''Version "16.2".'''
         return typing.cast("PostgresEngineVersion", jsii.sget(cls, "VER_16_2"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_16_3")
+    def VER_16_3(cls) -> "PostgresEngineVersion":
+        '''Version "16.3".'''
+        return typing.cast("PostgresEngineVersion", jsii.sget(cls, "VER_16_3"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_9_6_24")
     def VER_9_6_24(cls) -> "PostgresEngineVersion":
@@ -33224,7 +33288,7 @@ class PostgresInstanceEngineProps:
 
             # vpc: ec2.Vpc
             
-            engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2)
+            engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3)
             my_key = kms.Key(self, "MyKey")
             
             rds.DatabaseInstance(self, "InstanceWithCustomizedSecret",
@@ -35941,7 +36005,7 @@ class SnapshotCredentials(
 
         # vpc: ec2.Vpc
         
-        engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2)
+        engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3)
         my_key = kms.Key(self, "MyKey")
         
         rds.DatabaseInstanceFromSnapshot(self, "InstanceFromSnapshotWithCustomizedSecret",
@@ -36251,7 +36315,7 @@ class SnapshotCredentialsFromGeneratedPasswordOptions:
 
             # vpc: ec2.Vpc
             
-            engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2)
+            engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3)
             my_key = kms.Key(self, "MyKey")
             
             rds.DatabaseInstanceFromSnapshot(self, "InstanceFromSnapshotWithCustomizedSecret",
@@ -39748,7 +39812,7 @@ class DatabaseInstanceFromSnapshot(
         
         rds.DatabaseInstanceFromSnapshot(self, "Instance",
             snapshot_identifier="my-snapshot",
-            engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2),
+            engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3),
             # optional, defaults to m5.large
             instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.LARGE),
             vpc=vpc
@@ -40305,7 +40369,7 @@ class DatabaseInstanceFromSnapshotProps(DatabaseInstanceSourceProps):
             
             rds.DatabaseInstanceFromSnapshot(self, "Instance",
                 snapshot_identifier="my-snapshot",
-                engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2),
+                engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3),
                 # optional, defaults to m5.large
                 instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.LARGE),
                 vpc=vpc
@@ -42027,7 +42091,7 @@ class DatabaseInstanceReadReplica(
         
         rds.DatabaseInstanceFromSnapshot(self, "Instance",
             snapshot_identifier="my-snapshot",
-            engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_15_2),
+            engine=rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3),
             # optional, defaults to m5.large
             instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.LARGE),
             vpc=vpc

aws_cdk/aws_redshift/__init__.py

@@ -123,7 +123,6 @@ class CfnCluster(
             maintenance_track_name="maintenanceTrackName",
             manage_master_password=False,
             manual_snapshot_retention_period=123,
-            master_password_secret_kms_key_id="masterPasswordSecretKmsKeyId",
             master_user_password="masterUserPassword",
             multi_az=False,
             namespace_resource_policy=namespace_resource_policy,
@@ -186,7 +185,6 @@ class CfnCluster(
         maintenance_track_name: typing.Optional[builtins.str] = None,
         manage_master_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         manual_snapshot_retention_period: typing.Optional[jsii.Number] = None,
-        master_password_secret_kms_key_id: typing.Optional[builtins.str] = None,
         master_user_password: typing.Optional[builtins.str] = None,
         multi_az: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         namespace_resource_policy: typing.Any = None,
@@ -242,7 +240,6 @@ class CfnCluster(
         :param maintenance_track_name: An optional parameter for the name of the maintenance track for the cluster. If you don't provide a maintenance track name, the cluster is assigned to the ``current`` track.
         :param manage_master_password: If ``true`` , Amazon Redshift uses AWS Secrets Manager to manage this cluster's admin credentials. You can't use ``MasterUserPassword`` if ``ManageMasterPassword`` is true. If ``ManageMasterPassword`` is false or not set, Amazon Redshift uses ``MasterUserPassword`` for the admin user account's password.
         :param manual_snapshot_retention_period: The default number of days to retain a manual snapshot. If the value is -1, the snapshot is retained indefinitely. This setting doesn't change the retention period of existing snapshots. The value must be either -1 or an integer between 1 and 3,653.
-        :param master_password_secret_kms_key_id: The ID of the AWS Key Management Service (KMS) key used to encrypt and store the cluster's admin credentials secret. You can only use this parameter if ``ManageMasterPassword`` is true.
         :param master_user_password: The password associated with the admin user account for the cluster that is being created. You can't use ``MasterUserPassword`` if ``ManageMasterPassword`` is ``true`` . Constraints: - Must be between 8 and 64 characters in length. - Must contain at least one uppercase letter. - Must contain at least one lowercase letter. - Must contain one number. - Can be any printable ASCII character (ASCII code 33-126) except ``'`` (single quote), ``"`` (double quote), ``\\`` , ``/`` , or ``@`` .
         :param multi_az: A boolean indicating whether Amazon Redshift should deploy the cluster in two Availability Zones. The default is false.
         :param namespace_resource_policy: The policy that is attached to a resource.
@@ -300,7 +297,6 @@ class CfnCluster(
             maintenance_track_name=maintenance_track_name,
             manage_master_password=manage_master_password,
             manual_snapshot_retention_period=manual_snapshot_retention_period,
-            master_password_secret_kms_key_id=master_password_secret_kms_key_id,
             master_user_password=master_user_password,
             multi_az=multi_az,
             namespace_resource_policy=namespace_resource_policy,
@@ -922,22 +918,6 @@ class CfnCluster(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "manualSnapshotRetentionPeriod", value)
 
-    @builtins.property
-    @jsii.member(jsii_name="masterPasswordSecretKmsKeyId")
-    def master_password_secret_kms_key_id(self) -> typing.Optional[builtins.str]:
-        '''The ID of the AWS Key Management Service (KMS) key used to encrypt and store the cluster's admin credentials secret.'''
-        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "masterPasswordSecretKmsKeyId"))
-
-    @master_password_secret_kms_key_id.setter
-    def master_password_secret_kms_key_id(
-        self,
-        value: typing.Optional[builtins.str],
-    ) -> None:
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__e26594c22a23597c2bcb39be035e857bb61d132ed89a50d4d58e1a8f8c369e12)
-            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "masterPasswordSecretKmsKeyId", value)
-
     @builtins.property
     @jsii.member(jsii_name="masterUserPassword")
     def master_user_password(self) -> typing.Optional[builtins.str]:
@@ -1797,7 +1777,6 @@ class CfnClusterParameterGroupProps:
         "maintenance_track_name": "maintenanceTrackName",
         "manage_master_password": "manageMasterPassword",
         "manual_snapshot_retention_period": "manualSnapshotRetentionPeriod",
-        "master_password_secret_kms_key_id": "masterPasswordSecretKmsKeyId",
         "master_user_password": "masterUserPassword",
         "multi_az": "multiAz",
         "namespace_resource_policy": "namespaceResourcePolicy",
@@ -1855,7 +1834,6 @@ class CfnClusterProps:
         maintenance_track_name: typing.Optional[builtins.str] = None,
         manage_master_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         manual_snapshot_retention_period: typing.Optional[jsii.Number] = None,
-        master_password_secret_kms_key_id: typing.Optional[builtins.str] = None,
         master_user_password: typing.Optional[builtins.str] = None,
         multi_az: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         namespace_resource_policy: typing.Any = None,
@@ -1910,7 +1888,6 @@ class CfnClusterProps:
         :param maintenance_track_name: An optional parameter for the name of the maintenance track for the cluster. If you don't provide a maintenance track name, the cluster is assigned to the ``current`` track.
         :param manage_master_password: If ``true`` , Amazon Redshift uses AWS Secrets Manager to manage this cluster's admin credentials. You can't use ``MasterUserPassword`` if ``ManageMasterPassword`` is true. If ``ManageMasterPassword`` is false or not set, Amazon Redshift uses ``MasterUserPassword`` for the admin user account's password.
         :param manual_snapshot_retention_period: The default number of days to retain a manual snapshot. If the value is -1, the snapshot is retained indefinitely. This setting doesn't change the retention period of existing snapshots. The value must be either -1 or an integer between 1 and 3,653.
-        :param master_password_secret_kms_key_id: The ID of the AWS Key Management Service (KMS) key used to encrypt and store the cluster's admin credentials secret. You can only use this parameter if ``ManageMasterPassword`` is true.
         :param master_user_password: The password associated with the admin user account for the cluster that is being created. You can't use ``MasterUserPassword`` if ``ManageMasterPassword`` is ``true`` . Constraints: - Must be between 8 and 64 characters in length. - Must contain at least one uppercase letter. - Must contain at least one lowercase letter. - Must contain one number. - Can be any printable ASCII character (ASCII code 33-126) except ``'`` (single quote), ``"`` (double quote), ``\\`` , ``/`` , or ``@`` .
         :param multi_az: A boolean indicating whether Amazon Redshift should deploy the cluster in two Availability Zones. The default is false.
         :param namespace_resource_policy: The policy that is attached to a resource.
@@ -1983,7 +1960,6 @@ class CfnClusterProps:
                 maintenance_track_name="maintenanceTrackName",
                 manage_master_password=False,
                 manual_snapshot_retention_period=123,
-                master_password_secret_kms_key_id="masterPasswordSecretKmsKeyId",
                 master_user_password="masterUserPassword",
                 multi_az=False,
                 namespace_resource_policy=namespace_resource_policy,
@@ -2042,7 +2018,6 @@ class CfnClusterProps:
             check_type(argname="argument maintenance_track_name", value=maintenance_track_name, expected_type=type_hints["maintenance_track_name"])
             check_type(argname="argument manage_master_password", value=manage_master_password, expected_type=type_hints["manage_master_password"])
             check_type(argname="argument manual_snapshot_retention_period", value=manual_snapshot_retention_period, expected_type=type_hints["manual_snapshot_retention_period"])
-            check_type(argname="argument master_password_secret_kms_key_id", value=master_password_secret_kms_key_id, expected_type=type_hints["master_password_secret_kms_key_id"])
             check_type(argname="argument master_user_password", value=master_user_password, expected_type=type_hints["master_user_password"])
             check_type(argname="argument multi_az", value=multi_az, expected_type=type_hints["multi_az"])
             check_type(argname="argument namespace_resource_policy", value=namespace_resource_policy, expected_type=type_hints["namespace_resource_policy"])
@@ -2125,8 +2100,6 @@ class CfnClusterProps:
             self._values["manage_master_password"] = manage_master_password
         if manual_snapshot_retention_period is not None:
             self._values["manual_snapshot_retention_period"] = manual_snapshot_retention_period
-        if master_password_secret_kms_key_id is not None:
-            self._values["master_password_secret_kms_key_id"] = master_password_secret_kms_key_id
         if master_user_password is not None:
             self._values["master_user_password"] = master_user_password
         if multi_az is not None:
@@ -2588,17 +2561,6 @@ class CfnClusterProps:
         result = self._values.get("manual_snapshot_retention_period")
         return typing.cast(typing.Optional[jsii.Number], result)
 
-    @builtins.property
-    def master_password_secret_kms_key_id(self) -> typing.Optional[builtins.str]:
-        '''The ID of the AWS Key Management Service (KMS) key used to encrypt and store the cluster's admin credentials secret.
-
-        You can only use this parameter if ``ManageMasterPassword`` is true.
-
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html#cfn-redshift-cluster-masterpasswordsecretkmskeyid
-        '''
-        result = self._values.get("master_password_secret_kms_key_id")
-        return typing.cast(typing.Optional[builtins.str], result)
-
     @builtins.property
     def master_user_password(self) -> typing.Optional[builtins.str]:
         '''The password associated with the admin user account for the cluster that is being created.
@@ -5945,7 +5907,6 @@ def _typecheckingstub__f6d25f70797e3ae67b635ec776926582ff0be975c8173c4af217f7f6e
     maintenance_track_name: typing.Optional[builtins.str] = None,
     manage_master_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     manual_snapshot_retention_period: typing.Optional[jsii.Number] = None,
-    master_password_secret_kms_key_id: typing.Optional[builtins.str] = None,
     master_user_password: typing.Optional[builtins.str] = None,
     multi_az: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     namespace_resource_policy: typing.Any = None,
@@ -6178,12 +6139,6 @@ def _typecheckingstub__47928702ad781fa3915ff0f5068c3b692ff5d8d891b871ca8319d3632
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__e26594c22a23597c2bcb39be035e857bb61d132ed89a50d4d58e1a8f8c369e12(
-    value: typing.Optional[builtins.str],
-) -> None:
-    """Type checking stubs"""
-    pass
-
 def _typecheckingstub__15113bc0292eb3a900fcad9d620cd08c320a19dfce07db8d055112a353c48cba(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -6417,7 +6372,6 @@ def _typecheckingstub__88d0d566c2d2524449f4cc4b794952814b68b5dcd5494f1bcdf5b417e
     maintenance_track_name: typing.Optional[builtins.str] = None,
     manage_master_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     manual_snapshot_retention_period: typing.Optional[jsii.Number] = None,
-    master_password_secret_kms_key_id: typing.Optional[builtins.str] = None,
     master_user_password: typing.Optional[builtins.str] = None,
     multi_az: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     namespace_resource_policy: typing.Any = None,

aws_cdk/aws_route53resolver/__init__.py

@@ -440,6 +440,7 @@ class CfnFirewallRuleGroup(
                 block_override_domain="blockOverrideDomain",
                 block_override_ttl=123,
                 block_response="blockResponse",
+                firewall_domain_redirection_action="firewallDomainRedirectionAction",
                 qtype="qtype"
             )],
             name="name",
@@ -668,6 +669,7 @@ class CfnFirewallRuleGroup(
             "block_override_domain": "blockOverrideDomain",
             "block_override_ttl": "blockOverrideTtl",
             "block_response": "blockResponse",
+            "firewall_domain_redirection_action": "firewallDomainRedirectionAction",
             "qtype": "qtype",
         },
     )
@@ -682,6 +684,7 @@ class CfnFirewallRuleGroup(
             block_override_domain: typing.Optional[builtins.str] = None,
             block_override_ttl: typing.Optional[jsii.Number] = None,
             block_response: typing.Optional[builtins.str] = None,
+            firewall_domain_redirection_action: typing.Optional[builtins.str] = None,
             qtype: typing.Optional[builtins.str] = None,
         ) -> None:
             '''A single firewall rule in a rule group.
@@ -693,6 +696,7 @@ class CfnFirewallRuleGroup(
             :param block_override_domain: The custom DNS record to send back in response to the query. Used for the rule action ``BLOCK`` with a ``BlockResponse`` setting of ``OVERRIDE`` .
             :param block_override_ttl: The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action ``BLOCK`` with a ``BlockResponse`` setting of ``OVERRIDE`` .
             :param block_response: The way that you want DNS Firewall to block the request. Used for the rule action setting ``BLOCK`` . - ``NODATA`` - Respond indicating that the query was successful, but no response is available for it. - ``NXDOMAIN`` - Respond indicating that the domain name that's in the query doesn't exist. - ``OVERRIDE`` - Provide a custom override in the response. This option requires custom handling details in the rule's ``BlockOverride*`` settings.
+            :param firewall_domain_redirection_action: How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME, or DNAME. ``Inspect_Redirection_Domain`` (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be added to the domain list. ``Trust_Redirection_Domain`` inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to the domain list.
             :param qtype: The DNS query type you want the rule to evaluate. Allowed values are; - A: Returns an IPv4 address. - AAAA: Returns an Ipv6 address. - CAA: Restricts CAs that can create SSL/TLS certifications for the domain. - CNAME: Returns another domain name. - DS: Record that identifies the DNSSEC signing key of a delegated zone. - MX: Specifies mail servers. - NAPTR: Regular-expression-based rewriting of domain names. - NS: Authoritative name servers. - PTR: Maps an IP address to a domain name. - SOA: Start of authority record for the zone. - SPF: Lists the servers authorized to send emails from a domain. - SRV: Application specific values that identify servers. - TXT: Verifies email senders and application-specific values. - A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPE NUMBER , where the NUMBER can be 1-65334, for example, TYPE28. For more information, see `List of DNS record types <https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/List_of_DNS_record_types>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53resolver-firewallrulegroup-firewallrule.html
@@ -714,6 +718,7 @@ class CfnFirewallRuleGroup(
                     block_override_domain="blockOverrideDomain",
                     block_override_ttl=123,
                     block_response="blockResponse",
+                    firewall_domain_redirection_action="firewallDomainRedirectionAction",
                     qtype="qtype"
                 )
             '''
@@ -726,6 +731,7 @@ class CfnFirewallRuleGroup(
                 check_type(argname="argument block_override_domain", value=block_override_domain, expected_type=type_hints["block_override_domain"])
                 check_type(argname="argument block_override_ttl", value=block_override_ttl, expected_type=type_hints["block_override_ttl"])
                 check_type(argname="argument block_response", value=block_response, expected_type=type_hints["block_response"])
+                check_type(argname="argument firewall_domain_redirection_action", value=firewall_domain_redirection_action, expected_type=type_hints["firewall_domain_redirection_action"])
                 check_type(argname="argument qtype", value=qtype, expected_type=type_hints["qtype"])
             self._values: typing.Dict[builtins.str, typing.Any] = {
                 "action": action,
@@ -740,6 +746,8 @@ class CfnFirewallRuleGroup(
                 self._values["block_override_ttl"] = block_override_ttl
             if block_response is not None:
                 self._values["block_response"] = block_response
+            if firewall_domain_redirection_action is not None:
+                self._values["firewall_domain_redirection_action"] = firewall_domain_redirection_action
             if qtype is not None:
                 self._values["qtype"] = qtype
 
@@ -830,6 +838,19 @@ class CfnFirewallRuleGroup(
             result = self._values.get("block_response")
             return typing.cast(typing.Optional[builtins.str], result)
 
+        @builtins.property
+        def firewall_domain_redirection_action(self) -> typing.Optional[builtins.str]:
+            '''How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME, or DNAME.
+
+            ``Inspect_Redirection_Domain`` (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be added to the domain list.
+
+            ``Trust_Redirection_Domain`` inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to the domain list.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53resolver-firewallrulegroup-firewallrule.html#cfn-route53resolver-firewallrulegroup-firewallrule-firewalldomainredirectionaction
+            '''
+            result = self._values.get("firewall_domain_redirection_action")
+            return typing.cast(typing.Optional[builtins.str], result)
+
         @builtins.property
         def qtype(self) -> typing.Optional[builtins.str]:
             '''The DNS query type you want the rule to evaluate. Allowed values are;
@@ -1321,6 +1342,7 @@ class CfnFirewallRuleGroupProps:
                     block_override_domain="blockOverrideDomain",
                     block_override_ttl=123,
                     block_response="blockResponse",
+                    firewall_domain_redirection_action="firewallDomainRedirectionAction",
                     qtype="qtype"
                 )],
                 name="name",
@@ -4249,6 +4271,7 @@ def _typecheckingstub__61f0f7aa6db62533b4486bd58a4692d76a133c14cd2281a8ea8e083c9
     block_override_domain: typing.Optional[builtins.str] = None,
     block_override_ttl: typing.Optional[jsii.Number] = None,
     block_response: typing.Optional[builtins.str] = None,
+    firewall_domain_redirection_action: typing.Optional[builtins.str] = None,
     qtype: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""

aws_cdk/aws_s3/__init__.py

@@ -1756,7 +1756,7 @@ class BucketProps:
         :param access_control: Specifies a canned ACL that grants predefined permissions to the bucket. Default: BucketAccessControl.PRIVATE
         :param auto_delete_objects: Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted. Requires the ``removalPolicy`` to be set to ``RemovalPolicy.DESTROY``. **Warning** if you have deployed a bucket with ``autoDeleteObjects: true``, switching this to ``false`` in a CDK version *before* ``1.126.0`` will lead to all objects in the bucket being deleted. Be sure to update your bucket resources by deploying with CDK version ``1.126.0`` or later **before** switching this value to ``false``. Setting ``autoDeleteObjects`` to true on a bucket will add ``s3:PutBucketPolicy`` to the bucket policy. This is because during bucket deletion, the custom resource provider needs to update the bucket policy by adding a deny policy for ``s3:PutObject`` to prevent race conditions with external bucket writers. Default: false
         :param block_public_access: The block public access configuration of this bucket. Default: - CloudFormation defaults will apply. New buckets and objects don't allow public access, but users can modify bucket policies or object permissions to allow public access
-        :param bucket_key_enabled: Whether Amazon S3 should use its own intermediary key to generate data keys. Only relevant when using KMS for encryption. - If not enabled, every object GET and PUT will cause an API call to KMS (with the attendant cost implications of that). - If enabled, S3 will use its own time-limited key instead. Only relevant, when Encryption is set to ``BucketEncryption.KMS`` or ``BucketEncryption.KMS_MANAGED``. Default: - false
+        :param bucket_key_enabled: Whether Amazon S3 should use its own intermediary key to generate data keys. Only relevant when using KMS for encryption. - If not enabled, every object GET and PUT will cause an API call to KMS (with the attendant cost implications of that). - If enabled, S3 will use its own time-limited key instead. Only relevant, when Encryption is not set to ``BucketEncryption.UNENCRYPTED``. Default: - false
         :param bucket_name: Physical name of this bucket. Default: - Assigned by CloudFormation (recommended).
         :param cors: The CORS configuration of this bucket. Default: - No CORS configuration.
         :param encryption: The kind of server-side encryption to apply to this bucket. If you choose KMS, you can specify a KMS key via ``encryptionKey``. If encryption key is not specified, a key will automatically be created. Default: - ``KMS`` if ``encryptionKey`` is specified, or ``UNENCRYPTED`` otherwise. But if ``UNENCRYPTED`` is specified, the bucket will be encrypted as ``S3_MANAGED`` automatically.
@@ -1952,7 +1952,7 @@ class BucketProps:
           attendant cost implications of that).
         - If enabled, S3 will use its own time-limited key instead.
 
-        Only relevant, when Encryption is set to ``BucketEncryption.KMS`` or ``BucketEncryption.KMS_MANAGED``.
+        Only relevant, when Encryption is not set to ``BucketEncryption.UNENCRYPTED``.
 
         :default: - false
         '''
@@ -5148,7 +5148,7 @@ class CfnBucket(
             mode: typing.Optional[builtins.str] = None,
             years: typing.Optional[jsii.Number] = None,
         ) -> None:
-            '''The container element for specifying the default Object Lock retention settings for new objects placed in the specified bucket.
+            '''The container element for optionally specifying the default Object Lock retention settings for new objects placed in the specified bucket.
 
             .. epigraph::
 
@@ -19370,7 +19370,7 @@ class Bucket(
         :param access_control: Specifies a canned ACL that grants predefined permissions to the bucket. Default: BucketAccessControl.PRIVATE
         :param auto_delete_objects: Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted. Requires the ``removalPolicy`` to be set to ``RemovalPolicy.DESTROY``. **Warning** if you have deployed a bucket with ``autoDeleteObjects: true``, switching this to ``false`` in a CDK version *before* ``1.126.0`` will lead to all objects in the bucket being deleted. Be sure to update your bucket resources by deploying with CDK version ``1.126.0`` or later **before** switching this value to ``false``. Setting ``autoDeleteObjects`` to true on a bucket will add ``s3:PutBucketPolicy`` to the bucket policy. This is because during bucket deletion, the custom resource provider needs to update the bucket policy by adding a deny policy for ``s3:PutObject`` to prevent race conditions with external bucket writers. Default: false
         :param block_public_access: The block public access configuration of this bucket. Default: - CloudFormation defaults will apply. New buckets and objects don't allow public access, but users can modify bucket policies or object permissions to allow public access
-        :param bucket_key_enabled: Whether Amazon S3 should use its own intermediary key to generate data keys. Only relevant when using KMS for encryption. - If not enabled, every object GET and PUT will cause an API call to KMS (with the attendant cost implications of that). - If enabled, S3 will use its own time-limited key instead. Only relevant, when Encryption is set to ``BucketEncryption.KMS`` or ``BucketEncryption.KMS_MANAGED``. Default: - false
+        :param bucket_key_enabled: Whether Amazon S3 should use its own intermediary key to generate data keys. Only relevant when using KMS for encryption. - If not enabled, every object GET and PUT will cause an API call to KMS (with the attendant cost implications of that). - If enabled, S3 will use its own time-limited key instead. Only relevant, when Encryption is not set to ``BucketEncryption.UNENCRYPTED``. Default: - false
         :param bucket_name: Physical name of this bucket. Default: - Assigned by CloudFormation (recommended).
         :param cors: The CORS configuration of this bucket. Default: - No CORS configuration.
         :param encryption: The kind of server-side encryption to apply to this bucket. If you choose KMS, you can specify a KMS key via ``encryptionKey``. If encryption key is not specified, a key will automatically be created. Default: - ``KMS`` if ``encryptionKey`` is specified, or ``UNENCRYPTED`` otherwise. But if ``UNENCRYPTED`` is specified, the bucket will be encrypted as ``S3_MANAGED`` automatically.