aws-cdk-lib 2.146.0__py3-none-any.whl → 2.147.1__py3-none-any.whl

aws_cdk/aws_ecs/__init__.py

@@ -6462,7 +6462,7 @@ class CfnCluster(
         :param capacity_providers: The short name of one or more capacity providers to associate with the cluster. A capacity provider must be associated with a cluster before it can be included as part of the default capacity provider strategy of the cluster or used in a capacity provider strategy when calling the `CreateService <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html>`_ or `RunTask <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html>`_ actions. If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must be created but not associated with another cluster. New Auto Scaling group capacity providers can be created with the `CreateCapacityProvider <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateCapacityProvider.html>`_ API operation. To use a AWS Fargate capacity provider, specify either the ``FARGATE`` or ``FARGATE_SPOT`` capacity providers. The AWS Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used. The `PutCapacityProvider <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutCapacityProvider.html>`_ API operation is used to update the list of available capacity providers for a cluster after the cluster is created.
         :param cluster_name: A user-generated string that you use to identify your cluster. If you don't specify a name, AWS CloudFormation generates a unique physical ID for the name.
         :param cluster_settings: The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights for a cluster.
-        :param configuration: The execute command configuration for the cluster.
+        :param configuration: The execute command and managed storage configuration for the cluster.
         :param default_capacity_provider_strategy: The default capacity provider strategy for the cluster. When services or tasks are run in the cluster with no launch type or capacity provider strategy specified, the default capacity provider strategy is used.
         :param service_connect_defaults: Use this parameter to set a default Service Connect namespace. After you set a default Service Connect namespace, any new services with Service Connect turned on that are created in the cluster are added as client services in the namespace. This setting only applies to new services that set the ``enabled`` parameter to ``true`` in the ``ServiceConnectConfiguration`` . You can set the namespace of each service individually in the ``ServiceConnectConfiguration`` to override this default parameter. Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see `Service Connect <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param tags: The metadata that you apply to the cluster to help you categorize and organize them. Each tag consists of a key and an optional value. You define both. The following basic restrictions apply to tags: - Maximum number of tags per resource - 50 - For each resource, each tag key must be unique, and each tag key can have only one value. - Maximum key length - 128 Unicode characters in UTF-8 - Maximum value length - 256 Unicode characters in UTF-8 - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : /
@@ -6585,7 +6585,7 @@ class CfnCluster(
     def configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnCluster.ClusterConfigurationProperty"]]:
-        '''The execute command configuration for the cluster.'''
+        '''The execute command and managed storage configuration for the cluster.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnCluster.ClusterConfigurationProperty"]], jsii.get(self, "configuration"))
 
     @configuration.setter
@@ -6761,10 +6761,10 @@ class CfnCluster(
             execute_command_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnCluster.ExecuteCommandConfigurationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             managed_storage_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnCluster.ManagedStorageConfigurationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         ) -> None:
-            '''The execute command configuration for the cluster.
+            '''The execute command and managed storage configuration for the cluster.
 
             :param execute_command_configuration: The details of the execute command configuration.
-            :param managed_storage_configuration: 
+            :param managed_storage_configuration: The details of the managed storage configuration.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-clusterconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -6818,7 +6818,8 @@ class CfnCluster(
         def managed_storage_configuration(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnCluster.ManagedStorageConfigurationProperty"]]:
-            '''
+            '''The details of the managed storage configuration.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-clusterconfiguration.html#cfn-ecs-cluster-clusterconfiguration-managedstorageconfiguration
             '''
             result = self._values.get("managed_storage_configuration")
@@ -7168,9 +7169,10 @@ class CfnCluster(
             fargate_ephemeral_storage_kms_key_id: typing.Optional[builtins.str] = None,
             kms_key_id: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''
-            :param fargate_ephemeral_storage_kms_key_id: 
-            :param kms_key_id: 
+            '''The managed storage configuration for the cluster.
+
+            :param fargate_ephemeral_storage_kms_key_id: Specify the AWS Key Management Service key ID for the Fargate ephemeral storage.
+            :param kms_key_id: Specify a AWS Key Management Service key ID to encrypt the managed storage.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-managedstorageconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -7198,7 +7200,8 @@ class CfnCluster(
 
         @builtins.property
         def fargate_ephemeral_storage_kms_key_id(self) -> typing.Optional[builtins.str]:
-            '''
+            '''Specify the AWS Key Management Service key ID for the Fargate ephemeral storage.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-managedstorageconfiguration.html#cfn-ecs-cluster-managedstorageconfiguration-fargateephemeralstoragekmskeyid
             '''
             result = self._values.get("fargate_ephemeral_storage_kms_key_id")
@@ -7206,7 +7209,8 @@ class CfnCluster(
 
         @builtins.property
         def kms_key_id(self) -> typing.Optional[builtins.str]:
-            '''
+            '''Specify a AWS Key Management Service key ID to encrypt the managed storage.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-managedstorageconfiguration.html#cfn-ecs-cluster-managedstorageconfiguration-kmskeyid
             '''
             result = self._values.get("kms_key_id")
@@ -7659,7 +7663,7 @@ class CfnClusterProps:
         :param capacity_providers: The short name of one or more capacity providers to associate with the cluster. A capacity provider must be associated with a cluster before it can be included as part of the default capacity provider strategy of the cluster or used in a capacity provider strategy when calling the `CreateService <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html>`_ or `RunTask <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html>`_ actions. If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must be created but not associated with another cluster. New Auto Scaling group capacity providers can be created with the `CreateCapacityProvider <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateCapacityProvider.html>`_ API operation. To use a AWS Fargate capacity provider, specify either the ``FARGATE`` or ``FARGATE_SPOT`` capacity providers. The AWS Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used. The `PutCapacityProvider <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutCapacityProvider.html>`_ API operation is used to update the list of available capacity providers for a cluster after the cluster is created.
         :param cluster_name: A user-generated string that you use to identify your cluster. If you don't specify a name, AWS CloudFormation generates a unique physical ID for the name.
         :param cluster_settings: The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights for a cluster.
-        :param configuration: The execute command configuration for the cluster.
+        :param configuration: The execute command and managed storage configuration for the cluster.
         :param default_capacity_provider_strategy: The default capacity provider strategy for the cluster. When services or tasks are run in the cluster with no launch type or capacity provider strategy specified, the default capacity provider strategy is used.
         :param service_connect_defaults: Use this parameter to set a default Service Connect namespace. After you set a default Service Connect namespace, any new services with Service Connect turned on that are created in the cluster are added as client services in the namespace. This setting only applies to new services that set the ``enabled`` parameter to ``true`` in the ``ServiceConnectConfiguration`` . You can set the namespace of each service individually in the ``ServiceConnectConfiguration`` to override this default parameter. Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see `Service Connect <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param tags: The metadata that you apply to the cluster to help you categorize and organize them. Each tag consists of a key and an optional value. You define both. The following basic restrictions apply to tags: - Maximum number of tags per resource - 50 - For each resource, each tag key must be unique, and each tag key can have only one value. - Maximum key length - 128 Unicode characters in UTF-8 - Maximum value length - 256 Unicode characters in UTF-8 - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : /
@@ -7781,7 +7785,7 @@ class CfnClusterProps:
     def configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnCluster.ClusterConfigurationProperty]]:
-        '''The execute command configuration for the cluster.
+        '''The execute command and managed storage configuration for the cluster.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-configuration
         '''
@@ -15753,8 +15757,8 @@ class CfnTaskDefinition(
 
             The supported resource types are GPUs and Elastic Inference accelerators. For more information, see `Working with GPUs on Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-gpu.html>`_ or `Working with Amazon Elastic Inference on Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-inference.html>`_ in the *Amazon Elastic Container Service Developer Guide*
 
-            :param type: The type of resource to assign to a container. The supported values are ``GPU`` or ``InferenceAccelerator`` .
-            :param value: The value for the specified resource type. If the ``GPU`` type is used, the value is the number of physical ``GPUs`` the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on. If the ``InferenceAccelerator`` type is used, the ``value`` matches the ``deviceName`` for an `InferenceAccelerator <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_InferenceAccelerator.html>`_ specified in a task definition.
+            :param type: The type of resource to assign to a container.
+            :param value: The value for the specified resource type. When the type is ``GPU`` , the value is the number of physical ``GPUs`` the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on. When the type is ``InferenceAccelerator`` , the ``value`` matches the ``deviceName`` for an `InferenceAccelerator <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_InferenceAccelerator.html>`_ specified in a task definition.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-resourcerequirement.html
             :exampleMetadata: fixture=_generated
@@ -15783,8 +15787,6 @@ class CfnTaskDefinition(
         def type(self) -> builtins.str:
             '''The type of resource to assign to a container.
 
-            The supported values are ``GPU`` or ``InferenceAccelerator`` .
-
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-resourcerequirement.html#cfn-ecs-taskdefinition-resourcerequirement-type
             '''
             result = self._values.get("type")
@@ -15795,9 +15797,9 @@ class CfnTaskDefinition(
         def value(self) -> builtins.str:
             '''The value for the specified resource type.
 
-            If the ``GPU`` type is used, the value is the number of physical ``GPUs`` the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on.
+            When the type is ``GPU`` , the value is the number of physical ``GPUs`` the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on.
 
-            If the ``InferenceAccelerator`` type is used, the ``value`` matches the ``deviceName`` for an `InferenceAccelerator <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_InferenceAccelerator.html>`_ specified in a task definition.
+            When the type is ``InferenceAccelerator`` , the ``value`` matches the ``deviceName`` for an `InferenceAccelerator <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_InferenceAccelerator.html>`_ specified in a task definition.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-resourcerequirement.html#cfn-ecs-taskdefinition-resourcerequirement-value
             '''

aws_cdk/aws_eks/__init__.py

@@ -4965,7 +4965,7 @@ class CfnAddon(
         :param cluster_name: The name of your cluster.
         :param addon_version: The version of the add-on.
         :param configuration_values: The configuration values that you provided.
-        :param pod_identity_associations: An array of pod identities to apply to this add-on.
+        :param pod_identity_associations: An array of Pod Identity Assocations owned by the Addon. Each EKS Pod Identity association maps a role to a service account in a namespace in the cluster. For more information, see `Attach an IAM Role to an Amazon EKS add-on using Pod Identity <https://docs.aws.amazon.com/eks/latest/userguide/add-ons-iam.html>`_ in the EKS User Guide.
         :param preserve_on_delete: Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on. If an IAM account is associated with the add-on, it isn't removed.
         :param resolve_conflicts: How to resolve field value conflicts for an Amazon EKS add-on. Conflicts are handled based on the value you choose: - *None* – If the self-managed version of the add-on is installed on your cluster, Amazon EKS doesn't change the value. Creation of the add-on might fail. - *Overwrite* – If the self-managed version of the add-on is installed on your cluster and the Amazon EKS default value is different than the existing value, Amazon EKS changes the value to the Amazon EKS default value. - *Preserve* – This is similar to the NONE option. If the self-managed version of the add-on is installed on your cluster Amazon EKS doesn't change the add-on resource properties. Creation of the add-on might fail if conflicts are detected. This option works differently during the update operation. For more information, see `UpdateAddon <https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html>`_ . If you don't currently have the self-managed version of the add-on installed on your cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values to default values, regardless of the option that you specify.
         :param service_account_role_arn: The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see `Amazon EKS node IAM role <https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html>`_ in the *Amazon EKS User Guide* . .. epigraph:: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see `Enabling IAM roles for service accounts on your cluster <https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html>`_ in the *Amazon EKS User Guide* .
@@ -5096,7 +5096,7 @@ class CfnAddon(
     def pod_identity_associations(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAddon.PodIdentityAssociationProperty"]]]]:
-        '''An array of pod identities to apply to this add-on.'''
+        '''An array of Pod Identity Assocations owned by the Addon.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAddon.PodIdentityAssociationProperty"]]]], jsii.get(self, "podIdentityAssociations"))
 
     @pod_identity_associations.setter
@@ -5178,10 +5178,10 @@ class CfnAddon(
             role_arn: builtins.str,
             service_account: builtins.str,
         ) -> None:
-            '''A pod identity to associate with an add-on.
+            '''Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.
 
-            :param role_arn: The IAM role ARN that the pod identity association is created for.
-            :param service_account: The Kubernetes service account that the pod identity association is created for.
+            :param role_arn: The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
+            :param service_account: The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-addon-podidentityassociation.html
             :exampleMetadata: fixture=_generated
@@ -5208,7 +5208,9 @@ class CfnAddon(
 
         @builtins.property
         def role_arn(self) -> builtins.str:
-            '''The IAM role ARN that the pod identity association is created for.
+            '''The Amazon Resource Name (ARN) of the IAM role to associate with the service account.
+
+            The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-addon-podidentityassociation.html#cfn-eks-addon-podidentityassociation-rolearn
             '''
@@ -5218,7 +5220,7 @@ class CfnAddon(
 
         @builtins.property
         def service_account(self) -> builtins.str:
-            '''The Kubernetes service account that the pod identity association is created for.
+            '''The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-addon-podidentityassociation.html#cfn-eks-addon-podidentityassociation-serviceaccount
             '''
@@ -5273,7 +5275,7 @@ class CfnAddonProps:
         :param cluster_name: The name of your cluster.
         :param addon_version: The version of the add-on.
         :param configuration_values: The configuration values that you provided.
-        :param pod_identity_associations: An array of pod identities to apply to this add-on.
+        :param pod_identity_associations: An array of Pod Identity Assocations owned by the Addon. Each EKS Pod Identity association maps a role to a service account in a namespace in the cluster. For more information, see `Attach an IAM Role to an Amazon EKS add-on using Pod Identity <https://docs.aws.amazon.com/eks/latest/userguide/add-ons-iam.html>`_ in the EKS User Guide.
         :param preserve_on_delete: Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on. If an IAM account is associated with the add-on, it isn't removed.
         :param resolve_conflicts: How to resolve field value conflicts for an Amazon EKS add-on. Conflicts are handled based on the value you choose: - *None* – If the self-managed version of the add-on is installed on your cluster, Amazon EKS doesn't change the value. Creation of the add-on might fail. - *Overwrite* – If the self-managed version of the add-on is installed on your cluster and the Amazon EKS default value is different than the existing value, Amazon EKS changes the value to the Amazon EKS default value. - *Preserve* – This is similar to the NONE option. If the self-managed version of the add-on is installed on your cluster Amazon EKS doesn't change the add-on resource properties. Creation of the add-on might fail if conflicts are detected. This option works differently during the update operation. For more information, see `UpdateAddon <https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html>`_ . If you don't currently have the self-managed version of the add-on installed on your cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values to default values, regardless of the option that you specify.
         :param service_account_role_arn: The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see `Amazon EKS node IAM role <https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html>`_ in the *Amazon EKS User Guide* . .. epigraph:: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see `Enabling IAM roles for service accounts on your cluster <https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html>`_ in the *Amazon EKS User Guide* .
@@ -5380,7 +5382,11 @@ class CfnAddonProps:
     def pod_identity_associations(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnAddon.PodIdentityAssociationProperty]]]]:
-        '''An array of pod identities to apply to this add-on.
+        '''An array of Pod Identity Assocations owned by the Addon.
+
+        Each EKS Pod Identity association maps a role to a service account in a namespace in the cluster.
+
+        For more information, see `Attach an IAM Role to an Amazon EKS add-on using Pod Identity <https://docs.aws.amazon.com/eks/latest/userguide/add-ons-iam.html>`_ in the EKS User Guide.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-podidentityassociations
         '''

aws_cdk/aws_elasticloadbalancingv2/__init__.py

@@ -7833,7 +7833,7 @@ class CfnLoadBalancer(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param enforce_security_group_inbound_rules_on_private_link_traffic: Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink .
-        :param ip_address_type: The IP address type. The possible values are ``ipv4`` (for IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses). You can’t specify ``dualstack`` for a load balancer with a UDP or TCP_UDP listener.
+        :param ip_address_type: Note: Internal load balancers must use the ``ipv4`` IP address type. [Application Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses), ``dualstack`` (for IPv4 and IPv6 addresses), and ``dualstack-without-public-ipv4`` (for IPv6 only public addresses, with private IPv4 and IPv6 addresses). Note: Application Load Balancer authentication only supports IPv4 addresses when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. Without a public IPv4 address the load balancer cannot complete the authentication process, resulting in HTTP 500 errors. [Network Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses). You can’t specify ``dualstack`` for a load balancer with a UDP or TCP_UDP listener. [Gateway Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses).
         :param load_balancer_attributes: The load balancer attributes.
         :param name: The name of the load balancer. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with "internal-". If you don't specify a name, AWS CloudFormation generates a unique physical ID for the load balancer. If you specify a name, you cannot perform updates that require replacement of this resource, but you can perform other updates. To replace the resource, specify a new name.
         :param scheme: The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet. The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer. The default is an Internet-facing load balancer. You cannot specify a scheme for a Gateway Load Balancer.
@@ -7986,7 +7986,7 @@ class CfnLoadBalancer(
     @builtins.property
     @jsii.member(jsii_name="ipAddressType")
     def ip_address_type(self) -> typing.Optional[builtins.str]:
-        '''The IP address type.'''
+        '''Note: Internal load balancers must use the ``ipv4`` IP address type.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "ipAddressType"))
 
     @ip_address_type.setter
@@ -8361,7 +8361,7 @@ class CfnLoadBalancerProps:
         '''Properties for defining a ``CfnLoadBalancer``.
 
         :param enforce_security_group_inbound_rules_on_private_link_traffic: Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink .
-        :param ip_address_type: The IP address type. The possible values are ``ipv4`` (for IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses). You can’t specify ``dualstack`` for a load balancer with a UDP or TCP_UDP listener.
+        :param ip_address_type: Note: Internal load balancers must use the ``ipv4`` IP address type. [Application Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses), ``dualstack`` (for IPv4 and IPv6 addresses), and ``dualstack-without-public-ipv4`` (for IPv6 only public addresses, with private IPv4 and IPv6 addresses). Note: Application Load Balancer authentication only supports IPv4 addresses when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. Without a public IPv4 address the load balancer cannot complete the authentication process, resulting in HTTP 500 errors. [Network Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses). You can’t specify ``dualstack`` for a load balancer with a UDP or TCP_UDP listener. [Gateway Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses).
         :param load_balancer_attributes: The load balancer attributes.
         :param name: The name of the load balancer. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with "internal-". If you don't specify a name, AWS CloudFormation generates a unique physical ID for the load balancer. If you specify a name, you cannot perform updates that require replacement of this resource, but you can perform other updates. To replace the resource, specify a new name.
         :param scheme: The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet. The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer. The default is an Internet-facing load balancer. You cannot specify a scheme for a Gateway Load Balancer.
@@ -8453,9 +8453,15 @@ class CfnLoadBalancerProps:
 
     @builtins.property
     def ip_address_type(self) -> typing.Optional[builtins.str]:
-        '''The IP address type.
+        '''Note: Internal load balancers must use the ``ipv4`` IP address type.
 
-        The possible values are ``ipv4`` (for IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses). You can’t specify ``dualstack`` for a load balancer with a UDP or TCP_UDP listener.
+        [Application Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses), ``dualstack`` (for IPv4 and IPv6 addresses), and ``dualstack-without-public-ipv4`` (for IPv6 only public addresses, with private IPv4 and IPv6 addresses).
+
+        Note: Application Load Balancer authentication only supports IPv4 addresses when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. Without a public IPv4 address the load balancer cannot complete the authentication process, resulting in HTTP 500 errors.
+
+        [Network Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses). You can’t specify ``dualstack`` for a load balancer with a UDP or TCP_UDP listener.
+
+        [Gateway Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses).
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-ipaddresstype
         '''

aws_cdk/aws_emrserverless/__init__.py

@@ -672,10 +672,10 @@ class CfnApplication(
         ) -> None:
             '''The Amazon CloudWatch configuration for monitoring logs.
 
-            You can configure your jobs to send log information to CloudWatch .
+            You can configure your jobs to send log information to CloudWatch.
 
             :param enabled: Enables CloudWatch logging. Default: - false
-            :param encryption_key_arn: The AWS Key Management Service (KMS) key ARN to encrypt the logs that you store in CloudWatch Logs .
+            :param encryption_key_arn: The AWS Key Management Service (KMS) key ARN to encrypt the logs that you store in CloudWatch Logs.
             :param log_group_name: The name of the log group in Amazon CloudWatch Logs where you want to publish your logs.
             :param log_stream_name_prefix: Prefix for the CloudWatch log stream name.
             :param log_type_map: The specific log-streams which need to be uploaded to CloudWatch.
@@ -734,7 +734,7 @@ class CfnApplication(
 
         @builtins.property
         def encryption_key_arn(self) -> typing.Optional[builtins.str]:
-            '''The AWS Key Management Service (KMS) key ARN to encrypt the logs that you store in CloudWatch Logs .
+            '''The AWS Key Management Service (KMS) key ARN to encrypt the logs that you store in CloudWatch Logs.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-emrserverless-application-cloudwatchloggingconfiguration.html#cfn-emrserverless-application-cloudwatchloggingconfiguration-encryptionkeyarn
             '''
@@ -1347,7 +1347,7 @@ class CfnApplication(
         ) -> None:
             '''The configuration setting for monitoring.
 
-            :param cloud_watch_logging_configuration: The Amazon CloudWatch configuration for monitoring logs. You can configure your jobs to send log information to CloudWatch .
+            :param cloud_watch_logging_configuration: The Amazon CloudWatch configuration for monitoring logs. You can configure your jobs to send log information to CloudWatch.
             :param managed_persistence_monitoring_configuration: The managed log persistence configuration for a job run.
             :param s3_monitoring_configuration: The Amazon S3 configuration for monitoring log publishing.
 
@@ -1400,7 +1400,7 @@ class CfnApplication(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnApplication.CloudWatchLoggingConfigurationProperty"]]:
             '''The Amazon CloudWatch configuration for monitoring logs.
 
-            You can configure your jobs to send log information to CloudWatch .
+            You can configure your jobs to send log information to CloudWatch.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-emrserverless-application-monitoringconfiguration.html#cfn-emrserverless-application-monitoringconfiguration-cloudwatchloggingconfiguration
             '''

aws_cdk/aws_events/__init__.py

@@ -3453,10 +3453,10 @@ class CfnEventBus(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param name: The name of the new event bus. Custom event bus names can't contain the ``/`` character, but you can use the ``/`` character in partner event bus names. In addition, for partner event buses, the name must exactly match the name of the partner event source that this event bus is matched to. You can't use the name ``default`` for a custom event bus, as this name is already used for your account's default event bus.
-        :param dead_letter_config: Dead Letter Queue for the event bus.
-        :param description: The description of the event bus.
+        :param dead_letter_config: Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ). For more information, see `Using dead-letter queues to process undelivered events <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rule-event-delivery.html#eb-rule-dlq>`_ in the *EventBridge User Guide* .
+        :param description: The event bus description.
         :param event_source_name: If you are creating a partner event bus, this specifies the partner event source that the new event bus will be matched with.
-        :param kms_key_identifier: Kms Key Identifier used to encrypt events at rest in the event bus.
+        :param kms_key_identifier: The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN. If you do not specify a customer managed key identifier, EventBridge uses an AWS owned key to encrypt events on the event bus. For more information, see `Managing keys <https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html>`_ in the *AWS Key Management Service Developer Guide* . .. epigraph:: Archives and schema discovery are not supported for event buses encrypted using a customer managed key. EventBridge returns an error if: - You call ``[CreateArchive](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_CreateArchive.html)`` on an event bus set to use a customer managed key for encryption. - You call ``[CreateDiscoverer](https://docs.aws.amazon.com/eventbridge/latest/schema-reference/v1-discoverers.html#CreateDiscoverer)`` on an event bus set to use a customer managed key for encryption. - You call ``[UpdatedEventBus](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_UpdatedEventBus.html)`` to set a customer managed key on an event bus with an archives or schema discovery enabled. To enable archives or schema discovery on an event bus, choose to use an AWS owned key . For more information, see `Data encryption in EventBridge <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption.html>`_ in the *Amazon EventBridge User Guide* .
         :param policy: The permissions policy of the event bus, describing which other AWS accounts can write events to this event bus.
         :param tags: Tags to associate with the event bus.
         '''
@@ -3561,7 +3561,7 @@ class CfnEventBus(
     def dead_letter_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventBus.DeadLetterConfigProperty"]]:
-        '''Dead Letter Queue for the event bus.'''
+        '''Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ).'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventBus.DeadLetterConfigProperty"]], jsii.get(self, "deadLetterConfig"))
 
     @dead_letter_config.setter
@@ -3577,7 +3577,7 @@ class CfnEventBus(
     @builtins.property
     @jsii.member(jsii_name="description")
     def description(self) -> typing.Optional[builtins.str]:
-        '''The description of the event bus.'''
+        '''The event bus description.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "description"))
 
     @description.setter
@@ -3603,7 +3603,7 @@ class CfnEventBus(
     @builtins.property
     @jsii.member(jsii_name="kmsKeyIdentifier")
     def kms_key_identifier(self) -> typing.Optional[builtins.str]:
-        '''Kms Key Identifier used to encrypt events at rest in the event bus.'''
+        '''The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "kmsKeyIdentifier"))
 
     @kms_key_identifier.setter
@@ -3646,9 +3646,11 @@ class CfnEventBus(
     )
     class DeadLetterConfigProperty:
         def __init__(self, *, arn: typing.Optional[builtins.str] = None) -> None:
-            '''Dead Letter Queue for the event bus.
+            '''Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ).
+
+            For more information, see `Using dead-letter queues to process undelivered events <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rule-event-delivery.html#eb-rule-dlq>`_ in the *EventBridge User Guide* .
 
-            :param arn: 
+            :param arn: The ARN of the SQS queue specified as the target for the dead-letter queue.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-eventbus-deadletterconfig.html
             :exampleMetadata: fixture=_generated
@@ -3672,7 +3674,8 @@ class CfnEventBus(
 
         @builtins.property
         def arn(self) -> typing.Optional[builtins.str]:
-            '''
+            '''The ARN of the SQS queue specified as the target for the dead-letter queue.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-eventbus-deadletterconfig.html#cfn-events-eventbus-deadletterconfig-arn
             '''
             result = self._values.get("arn")
@@ -4191,10 +4194,10 @@ class CfnEventBusProps:
         '''Properties for defining a ``CfnEventBus``.
 
         :param name: The name of the new event bus. Custom event bus names can't contain the ``/`` character, but you can use the ``/`` character in partner event bus names. In addition, for partner event buses, the name must exactly match the name of the partner event source that this event bus is matched to. You can't use the name ``default`` for a custom event bus, as this name is already used for your account's default event bus.
-        :param dead_letter_config: Dead Letter Queue for the event bus.
-        :param description: The description of the event bus.
+        :param dead_letter_config: Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ). For more information, see `Using dead-letter queues to process undelivered events <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rule-event-delivery.html#eb-rule-dlq>`_ in the *EventBridge User Guide* .
+        :param description: The event bus description.
         :param event_source_name: If you are creating a partner event bus, this specifies the partner event source that the new event bus will be matched with.
-        :param kms_key_identifier: Kms Key Identifier used to encrypt events at rest in the event bus.
+        :param kms_key_identifier: The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN. If you do not specify a customer managed key identifier, EventBridge uses an AWS owned key to encrypt events on the event bus. For more information, see `Managing keys <https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html>`_ in the *AWS Key Management Service Developer Guide* . .. epigraph:: Archives and schema discovery are not supported for event buses encrypted using a customer managed key. EventBridge returns an error if: - You call ``[CreateArchive](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_CreateArchive.html)`` on an event bus set to use a customer managed key for encryption. - You call ``[CreateDiscoverer](https://docs.aws.amazon.com/eventbridge/latest/schema-reference/v1-discoverers.html#CreateDiscoverer)`` on an event bus set to use a customer managed key for encryption. - You call ``[UpdatedEventBus](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_UpdatedEventBus.html)`` to set a customer managed key on an event bus with an archives or schema discovery enabled. To enable archives or schema discovery on an event bus, choose to use an AWS owned key . For more information, see `Data encryption in EventBridge <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption.html>`_ in the *Amazon EventBridge User Guide* .
         :param policy: The permissions policy of the event bus, describing which other AWS accounts can write events to this event bus.
         :param tags: Tags to associate with the event bus.
 
@@ -4269,7 +4272,9 @@ class CfnEventBusProps:
     def dead_letter_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnEventBus.DeadLetterConfigProperty]]:
-        '''Dead Letter Queue for the event bus.
+        '''Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ).
+
+        For more information, see `Using dead-letter queues to process undelivered events <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rule-event-delivery.html#eb-rule-dlq>`_ in the *EventBridge User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-eventbus.html#cfn-events-eventbus-deadletterconfig
         '''
@@ -4278,7 +4283,7 @@ class CfnEventBusProps:
 
     @builtins.property
     def description(self) -> typing.Optional[builtins.str]:
-        '''The description of the event bus.
+        '''The event bus description.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-eventbus.html#cfn-events-eventbus-description
         '''
@@ -4296,7 +4301,22 @@ class CfnEventBusProps:
 
     @builtins.property
     def kms_key_identifier(self) -> typing.Optional[builtins.str]:
-        '''Kms Key Identifier used to encrypt events at rest in the event bus.
+        '''The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus.
+
+        The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.
+
+        If you do not specify a customer managed key identifier, EventBridge uses an AWS owned key to encrypt events on the event bus.
+
+        For more information, see `Managing keys <https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html>`_ in the *AWS Key Management Service Developer Guide* .
+        .. epigraph::
+
+           Archives and schema discovery are not supported for event buses encrypted using a customer managed key. EventBridge returns an error if:
+
+           - You call ``[CreateArchive](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_CreateArchive.html)`` on an event bus set to use a customer managed key for encryption.
+           - You call ``[CreateDiscoverer](https://docs.aws.amazon.com/eventbridge/latest/schema-reference/v1-discoverers.html#CreateDiscoverer)`` on an event bus set to use a customer managed key for encryption.
+           - You call ``[UpdatedEventBus](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_UpdatedEventBus.html)`` to set a customer managed key on an event bus with an archives or schema discovery enabled.
+
+           To enable archives or schema discovery on an event bus, choose to use an AWS owned key . For more information, see `Data encryption in EventBridge <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption.html>`_ in the *Amazon EventBridge User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-eventbus.html#cfn-events-eventbus-kmskeyidentifier
         '''
@@ -5192,7 +5212,7 @@ class CfnRule(
         def __init__(self, *, arn: typing.Optional[builtins.str] = None) -> None:
             '''Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ).
 
-            For more information, see `Event retry policy and using dead-letter queues <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rule-dlq.html>`_ in the *EventBridge User Guide* .
+            For more information, see `Using dead-letter queues to process undelivered events <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rule-event-delivery.html#eb-rule-dlq>`_ in the *EventBridge User Guide* .
 
             :param arn: The ARN of the SQS queue specified as the target for the dead-letter queue.