aws-cdk-lib 2.146.0__py3-none-any.whl → 2.147.1__py3-none-any.whl

aws_cdk/aws_stepfunctions_tasks/__init__.py

@@ -1163,6 +1163,15 @@ tasks.GlueStartJobRun(self, "Task",
 )
 ```
 
+You can choose the execution class by setting the `executionClass` property.
+
+```python
+tasks.GlueStartJobRun(self, "Task",
+    glue_job_name="my-glue-job",
+    execution_class=tasks.ExecutionClass.FLEX
+)
+```
+
 ### StartCrawlerRun
 
 You can call the [`StartCrawler`](https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-crawler-crawling.html#aws-glue-api-crawler-crawling-StartCrawler) API from a `Task` state through AWS SDK service integrations.
@@ -22406,6 +22415,30 @@ class EventBridgePutEventsProps(_TaskStateBaseProps_3a62b6d0):
         )
 
 
+@jsii.enum(jsii_type="aws-cdk-lib.aws_stepfunctions_tasks.ExecutionClass")
+class ExecutionClass(enum.Enum):
+    '''The excecution class of the job.
+
+    :exampleMetadata: infused
+
+    Example::
+
+        tasks.GlueStartJobRun(self, "Task",
+            glue_job_name="my-glue-job",
+            execution_class=tasks.ExecutionClass.FLEX
+        )
+    '''
+
+    FLEX = "FLEX"
+    '''The flexible execution class is appropriate for time-insensitive jobs whose start and completion times may vary.
+
+    Only jobs with AWS Glue version 3.0 and above and command type ``glueetl`` will be allowed to set ``ExecutionClass`` to ``FLEX``.
+    The flexible execution class is available for Spark jobs.
+    '''
+    STANDARD = "STANDARD"
+    '''The standard execution class is ideal for time-sensitive workloads that require fast job startup and dedicated resources.'''
+
+
 class GlueDataBrewStartJobRun(
     _TaskStateBase_b5c0a816,
     metaclass=jsii.JSIIMeta,
@@ -23191,6 +23224,7 @@ class GlueStartJobRun(
         *,
         glue_job_name: builtins.str,
         arguments: typing.Optional[_TaskInput_91b91b91] = None,
+        execution_class: typing.Optional[ExecutionClass] = None,
         notify_delay_after: typing.Optional[_Duration_4839e8c3] = None,
         security_configuration: typing.Optional[builtins.str] = None,
         worker_configuration: typing.Optional[typing.Union["WorkerConfigurationProperty", typing.Dict[builtins.str, typing.Any]]] = None,
@@ -23212,6 +23246,7 @@ class GlueStartJobRun(
         :param id: Descriptive identifier for this chainable.
         :param glue_job_name: Glue job name.
         :param arguments: The job arguments specifically for this run. For this job run, they replace the default arguments set in the job definition itself. Default: - Default arguments set in the job definition
+        :param execution_class: The excecution class of the job. Default: - STANDARD
         :param notify_delay_after: After a job run starts, the number of minutes to wait before sending a job run delay notification. Must be at least 1 minute. Default: - Default delay set in the job definition
         :param security_configuration: The name of the SecurityConfiguration structure to be used with this job run. This must match the Glue API Default: - Default configuration set in the job definition
         :param worker_configuration: The worker configuration for this run. Default: - Default worker configuration in the job definition
@@ -23235,6 +23270,7 @@ class GlueStartJobRun(
         props = GlueStartJobRunProps(
             glue_job_name=glue_job_name,
             arguments=arguments,
+            execution_class=execution_class,
             notify_delay_after=notify_delay_after,
             security_configuration=security_configuration,
             worker_configuration=worker_configuration,
@@ -23283,6 +23319,7 @@ class GlueStartJobRun(
         "timeout": "timeout",
         "glue_job_name": "glueJobName",
         "arguments": "arguments",
+        "execution_class": "executionClass",
         "notify_delay_after": "notifyDelayAfter",
         "security_configuration": "securityConfiguration",
         "worker_configuration": "workerConfiguration",
@@ -23306,6 +23343,7 @@ class GlueStartJobRunProps(_TaskStateBaseProps_3a62b6d0):
         timeout: typing.Optional[_Duration_4839e8c3] = None,
         glue_job_name: builtins.str,
         arguments: typing.Optional[_TaskInput_91b91b91] = None,
+        execution_class: typing.Optional[ExecutionClass] = None,
         notify_delay_after: typing.Optional[_Duration_4839e8c3] = None,
         security_configuration: typing.Optional[builtins.str] = None,
         worker_configuration: typing.Optional[typing.Union["WorkerConfigurationProperty", typing.Dict[builtins.str, typing.Any]]] = None,
@@ -23326,6 +23364,7 @@ class GlueStartJobRunProps(_TaskStateBaseProps_3a62b6d0):
         :param timeout: (deprecated) Timeout for the task. Default: - None
         :param glue_job_name: Glue job name.
         :param arguments: The job arguments specifically for this run. For this job run, they replace the default arguments set in the job definition itself. Default: - Default arguments set in the job definition
+        :param execution_class: The excecution class of the job. Default: - STANDARD
         :param notify_delay_after: After a job run starts, the number of minutes to wait before sending a job run delay notification. Must be at least 1 minute. Default: - Default delay set in the job definition
         :param security_configuration: The name of the SecurityConfiguration structure to be used with this job run. This must match the Glue API Default: - Default configuration set in the job definition
         :param worker_configuration: The worker configuration for this run. Default: - Default worker configuration in the job definition
@@ -23362,6 +23401,7 @@ class GlueStartJobRunProps(_TaskStateBaseProps_3a62b6d0):
             check_type(argname="argument timeout", value=timeout, expected_type=type_hints["timeout"])
             check_type(argname="argument glue_job_name", value=glue_job_name, expected_type=type_hints["glue_job_name"])
             check_type(argname="argument arguments", value=arguments, expected_type=type_hints["arguments"])
+            check_type(argname="argument execution_class", value=execution_class, expected_type=type_hints["execution_class"])
             check_type(argname="argument notify_delay_after", value=notify_delay_after, expected_type=type_hints["notify_delay_after"])
             check_type(argname="argument security_configuration", value=security_configuration, expected_type=type_hints["security_configuration"])
             check_type(argname="argument worker_configuration", value=worker_configuration, expected_type=type_hints["worker_configuration"])
@@ -23394,6 +23434,8 @@ class GlueStartJobRunProps(_TaskStateBaseProps_3a62b6d0):
             self._values["timeout"] = timeout
         if arguments is not None:
             self._values["arguments"] = arguments
+        if execution_class is not None:
+            self._values["execution_class"] = execution_class
         if notify_delay_after is not None:
             self._values["notify_delay_after"] = notify_delay_after
         if security_configuration is not None:
@@ -23575,6 +23617,15 @@ class GlueStartJobRunProps(_TaskStateBaseProps_3a62b6d0):
         result = self._values.get("arguments")
         return typing.cast(typing.Optional[_TaskInput_91b91b91], result)
 
+    @builtins.property
+    def execution_class(self) -> typing.Optional[ExecutionClass]:
+        '''The excecution class of the job.
+
+        :default: - STANDARD
+        '''
+        result = self._values.get("execution_class")
+        return typing.cast(typing.Optional[ExecutionClass], result)
+
     @builtins.property
     def notify_delay_after(self) -> typing.Optional[_Duration_4839e8c3]:
         '''After a job run starts, the number of minutes to wait before sending a job run delay notification.
@@ -33102,6 +33153,8 @@ class WorkerType(enum.Enum):
 
     STANDARD = "STANDARD"
     '''Each worker provides 4 vCPU, 16 GB of memory and a 50GB disk, and 2 executors per worker.'''
+    G_025X = "G_025X"
+    '''Each worker maps to 0.25 DPU (2 vCPU, 4 GB of memory, 64 GB disk), and provides 1 executor per worker. Suitable for low volume streaming jobs.'''
     G_1X = "G_1X"
     '''Each worker maps to 1 DPU (4 vCPU, 16 GB of memory, 64 GB disk), and provides 1 executor per worker.
 
@@ -33122,8 +33175,6 @@ class WorkerType(enum.Enum):
 
     We recommend this worker type for jobs whose workloads contain your most demanding transforms, aggregations, joins, and queries. This worker type is available only for AWS Glue version 3.0 or later jobs.
     '''
-    G_025X = "G_025X"
-    '''Each worker maps to 0.25 DPU (2 vCPU, 4 GB of memory, 64 GB disk), and provides 1 executor per worker. Suitable for low volume streaming jobs.'''
     Z_2X = "Z_2X"
     '''Each worker maps to 2 high-memory DPU [M-DPU] (8 vCPU, 64 GB of memory, 128 GB disk).
 
@@ -33457,6 +33508,7 @@ __all__ = [
     "EventBridgePutEvents",
     "EventBridgePutEventsEntry",
     "EventBridgePutEventsProps",
+    "ExecutionClass",
     "GlueDataBrewStartJobRun",
     "GlueDataBrewStartJobRunProps",
     "GlueStartCrawlerRun",
@@ -35687,6 +35739,7 @@ def _typecheckingstub__ca53b69e05a043466b0fb8d683b8908756bbb80a6167bf6e801b2cc4b
     *,
     glue_job_name: builtins.str,
     arguments: typing.Optional[_TaskInput_91b91b91] = None,
+    execution_class: typing.Optional[ExecutionClass] = None,
     notify_delay_after: typing.Optional[_Duration_4839e8c3] = None,
     security_configuration: typing.Optional[builtins.str] = None,
     worker_configuration: typing.Optional[typing.Union[WorkerConfigurationProperty, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -35722,6 +35775,7 @@ def _typecheckingstub__6a5a6a067402f20efc3f218ecff8d7cae8c7206cf0bfb73907469d47f
     timeout: typing.Optional[_Duration_4839e8c3] = None,
     glue_job_name: builtins.str,
     arguments: typing.Optional[_TaskInput_91b91b91] = None,
+    execution_class: typing.Optional[ExecutionClass] = None,
     notify_delay_after: typing.Optional[_Duration_4839e8c3] = None,
     security_configuration: typing.Optional[builtins.str] = None,
     worker_configuration: typing.Optional[typing.Union[WorkerConfigurationProperty, typing.Dict[builtins.str, typing.Any]]] = None,

aws_cdk/aws_transfer/__init__.py

@@ -3025,8 +3025,8 @@ class CfnServer(
 
             It is used by actions that trigger a workflow to begin execution.
 
-            :param on_partial_upload: A trigger that starts a workflow if a file is only partially uploaded. You can attach a workflow to a server that executes whenever there is a partial upload. A *partial upload* occurs when a file is open when the session disconnects.
-            :param on_upload: A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. To remove an associated workflow from a server, you can provide an empty ``OnUpload`` object, as in the following example. ``aws transfer update-server --server-id s-01234567890abcdef --workflow-details '{"OnUpload":[]}'``
+            :param on_partial_upload: A trigger that starts a workflow if a file is only partially uploaded. You can attach a workflow to a server that executes whenever there is a partial upload. A *partial upload* occurs when a file is open when the session disconnects. .. epigraph:: ``OnPartialUpload`` can contain a maximum of one ``WorkflowDetail`` object.
+            :param on_upload: A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. To remove an associated workflow from a server, you can provide an empty ``OnUpload`` object, as in the following example. ``aws transfer update-server --server-id s-01234567890abcdef --workflow-details '{"OnUpload":[]}'`` .. epigraph:: ``OnUpload`` can contain a maximum of one ``WorkflowDetail`` object.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-workflowdetails.html
             :exampleMetadata: fixture=_generated
@@ -3067,6 +3067,9 @@ class CfnServer(
             You can attach a workflow to a server that executes whenever there is a partial upload.
 
             A *partial upload* occurs when a file is open when the session disconnects.
+            .. epigraph::
+
+               ``OnPartialUpload`` can contain a maximum of one ``WorkflowDetail`` object.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-workflowdetails.html#cfn-transfer-server-workflowdetails-onpartialupload
             '''
@@ -3082,6 +3085,9 @@ class CfnServer(
             To remove an associated workflow from a server, you can provide an empty ``OnUpload`` object, as in the following example.
 
             ``aws transfer update-server --server-id s-01234567890abcdef --workflow-details '{"OnUpload":[]}'``
+            .. epigraph::
+
+               ``OnUpload`` can contain a maximum of one ``WorkflowDetail`` object.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-workflowdetails.html#cfn-transfer-server-workflowdetails-onupload
             '''

aws_cdk/aws_wafv2/__init__.py

@@ -4426,7 +4426,7 @@ class CfnRuleGroup(
             :param body: Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. For information about how to handle oversized request bodies, see the ``Body`` object configuration.
             :param cookies: Inspect the request cookies. You must configure scope and pattern matching filters in the ``Cookies`` object, to define the set of cookies and the parts of the cookies that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the ``Cookies`` object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
             :param headers: Inspect the request headers. You must configure scope and pattern matching filters in the ``Headers`` object, to define the set of headers to and the parts of the headers that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the ``Headers`` object. AWS WAF applies the pattern matching filters to the headers that it receives from the underlying host service.
-            :param ja3_fingerprint: Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
+            :param ja3_fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
             :param json_body: Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. For information about how to handle oversized request bodies, see the ``JsonBody`` object configuration.
             :param method: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
             :param query_string: Inspect the query string. This is the part of a URL that appears after a ``?`` character, if any.
@@ -4595,9 +4595,9 @@ class CfnRuleGroup(
         def ja3_fingerprint(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.JA3FingerprintProperty"]]:
-            '''Match against the request's JA3 fingerprint.
+            '''Available for use with Amazon CloudFront distributions and Application Load Balancers.
 
-            The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
+            Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
             .. epigraph::
 
                You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` .
@@ -5390,9 +5390,9 @@ class CfnRuleGroup(
     )
     class JA3FingerprintProperty:
         def __init__(self, *, fallback_behavior: builtins.str) -> None:
-            '''Match against the request's JA3 fingerprint.
+            '''Available for use with Amazon CloudFront distributions and Application Load Balancers.
 
-            The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
+            Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
             .. epigraph::
 
                You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` .
@@ -13906,7 +13906,7 @@ class CfnWebACL(
             :param body: Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. For information about how to handle oversized request bodies, see the ``Body`` object configuration.
             :param cookies: Inspect the request cookies. You must configure scope and pattern matching filters in the ``Cookies`` object, to define the set of cookies and the parts of the cookies that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the ``Cookies`` object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
             :param headers: Inspect the request headers. You must configure scope and pattern matching filters in the ``Headers`` object, to define the set of headers to and the parts of the headers that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the ``Headers`` object. AWS WAF applies the pattern matching filters to the headers that it receives from the underlying host service.
-            :param ja3_fingerprint: Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
+            :param ja3_fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
             :param json_body: Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. For information about how to handle oversized request bodies, see the ``JsonBody`` object configuration.
             :param method: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
             :param query_string: Inspect the query string. This is the part of a URL that appears after a ``?`` character, if any.
@@ -14075,9 +14075,9 @@ class CfnWebACL(
         def ja3_fingerprint(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.JA3FingerprintProperty"]]:
-            '''Match against the request's JA3 fingerprint.
+            '''Available for use with Amazon CloudFront distributions and Application Load Balancers.
 
-            The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
+            Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
             .. epigraph::
 
                You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` .
@@ -14870,9 +14870,9 @@ class CfnWebACL(
     )
     class JA3FingerprintProperty:
         def __init__(self, *, fallback_behavior: builtins.str) -> None:
-            '''Match against the request's JA3 fingerprint.
+            '''Available for use with Amazon CloudFront distributions and Application Load Balancers.
 
-            The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
+            Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
             .. epigraph::
 
                You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` .

aws_cdk/aws_workspacesweb/__init__.py

@@ -1157,7 +1157,7 @@ class CfnNetworkSettings(
 
     The VPC must have default tenancy. VPCs with dedicated tenancy are not supported.
 
-    For availability consideration, you must have at least two subnets created in two different Availability Zones. WorkSpaces Web is available in a subset of the Availability Zones for each supported Region. For more information, see `Supported Availability Zones <https://docs.aws.amazon.com/workspaces-web/latest/adminguide/availability-zones.html>`_ .
+    For availability consideration, you must have at least two subnets created in two different Availability Zones. WorkSpaces Secure Browser is available in a subset of the Availability Zones for each supported Region. For more information, see `Supported Availability Zones <https://docs.aws.amazon.com/workspaces-web/latest/adminguide/availability-zones.html>`_ .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspacesweb-networksettings.html
     :cloudformationResource: AWS::WorkSpacesWeb::NetworkSettings
@@ -1457,7 +1457,7 @@ class CfnPortal(
 
     A ``Standard`` web portal can't start browsing sessions unless you have at defined and associated an ``IdentityProvider`` and ``NetworkSettings`` resource. An ``IAM Identity Center`` web portal does not require an ``IdentityProvider`` resource.
 
-    For more information about web portals, see `What is Amazon WorkSpaces Web? <https://docs.aws.amazon.com/workspaces-web/latest/adminguide/what-is-workspaces-web.html.html>`_ .
+    For more information about web portals, see `What is Amazon WorkSpaces Secure Browser? <https://docs.aws.amazon.com/workspaces-web/latest/adminguide/what-is-workspaces-web.html.html>`_ .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspacesweb-portal.html
     :cloudformationResource: AWS::WorkSpacesWeb::Portal
@@ -1514,7 +1514,7 @@ class CfnPortal(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param additional_encryption_context: The additional encryption context of the portal.
-        :param authentication_type: The type of authentication integration points used when signing into the web portal. Defaults to ``Standard`` . ``Standard`` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Web’s SP metadata with your IdP’s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps: 1. Create and deploy a CloudFormation template with a ``Standard`` portal with no ``IdentityProvider`` resource. 2. Retrieve the SP metadata using ``Fn:GetAtt`` , the WorkSpaces Web console, or by the calling the ``GetPortalServiceProviderMetadata`` API. 3. Submit the data to your IdP. 4. Add an ``IdentityProvider`` resource to your CloudFormation template. ``IAM Identity Center`` web portals are authenticated through AWS IAM Identity Center . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in IAM Identity Center . User and group assignment must be done through the WorkSpaces Web console. These cannot be configured in CloudFormation.
+        :param authentication_type: The type of authentication integration points used when signing into the web portal. Defaults to ``Standard`` . ``Standard`` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser’s SP metadata with your IdP’s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps: 1. Create and deploy a CloudFormation template with a ``Standard`` portal with no ``IdentityProvider`` resource. 2. Retrieve the SP metadata using ``Fn:GetAtt`` , the WorkSpaces Secure Browser console, or by the calling the ``GetPortalServiceProviderMetadata`` API. 3. Submit the data to your IdP. 4. Add an ``IdentityProvider`` resource to your CloudFormation template. ``IAM Identity Center`` web portals are authenticated through AWS IAM Identity Center . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in IAM Identity Center . User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.
         :param browser_settings_arn: The ARN of the browser settings that is associated with this web portal.
         :param customer_managed_key: The customer managed key of the web portal. *Pattern* : ``^arn:[\\w+=\\/,.@-]+:kms:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:key\\/[a-zA-Z0-9-]+$``
         :param display_name: The name of the web portal.
@@ -1883,7 +1883,7 @@ class CfnPortalProps:
         '''Properties for defining a ``CfnPortal``.
 
         :param additional_encryption_context: The additional encryption context of the portal.
-        :param authentication_type: The type of authentication integration points used when signing into the web portal. Defaults to ``Standard`` . ``Standard`` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Web’s SP metadata with your IdP’s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps: 1. Create and deploy a CloudFormation template with a ``Standard`` portal with no ``IdentityProvider`` resource. 2. Retrieve the SP metadata using ``Fn:GetAtt`` , the WorkSpaces Web console, or by the calling the ``GetPortalServiceProviderMetadata`` API. 3. Submit the data to your IdP. 4. Add an ``IdentityProvider`` resource to your CloudFormation template. ``IAM Identity Center`` web portals are authenticated through AWS IAM Identity Center . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in IAM Identity Center . User and group assignment must be done through the WorkSpaces Web console. These cannot be configured in CloudFormation.
+        :param authentication_type: The type of authentication integration points used when signing into the web portal. Defaults to ``Standard`` . ``Standard`` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser’s SP metadata with your IdP’s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps: 1. Create and deploy a CloudFormation template with a ``Standard`` portal with no ``IdentityProvider`` resource. 2. Retrieve the SP metadata using ``Fn:GetAtt`` , the WorkSpaces Secure Browser console, or by the calling the ``GetPortalServiceProviderMetadata`` API. 3. Submit the data to your IdP. 4. Add an ``IdentityProvider`` resource to your CloudFormation template. ``IAM Identity Center`` web portals are authenticated through AWS IAM Identity Center . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in IAM Identity Center . User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.
         :param browser_settings_arn: The ARN of the browser settings that is associated with this web portal.
         :param customer_managed_key: The customer managed key of the web portal. *Pattern* : ``^arn:[\\w+=\\/,.@-]+:kms:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:key\\/[a-zA-Z0-9-]+$``
         :param display_name: The name of the web portal.
@@ -1984,14 +1984,14 @@ class CfnPortalProps:
     def authentication_type(self) -> typing.Optional[builtins.str]:
         '''The type of authentication integration points used when signing into the web portal. Defaults to ``Standard`` .
 
-        ``Standard`` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Web’s SP metadata with your IdP’s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps:
+        ``Standard`` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser’s SP metadata with your IdP’s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps:
 
         1. Create and deploy a CloudFormation template with a ``Standard`` portal with no ``IdentityProvider`` resource.
-        2. Retrieve the SP metadata using ``Fn:GetAtt`` , the WorkSpaces Web console, or by the calling the ``GetPortalServiceProviderMetadata`` API.
+        2. Retrieve the SP metadata using ``Fn:GetAtt`` , the WorkSpaces Secure Browser console, or by the calling the ``GetPortalServiceProviderMetadata`` API.
         3. Submit the data to your IdP.
         4. Add an ``IdentityProvider`` resource to your CloudFormation template.
 
-        ``IAM Identity Center`` web portals are authenticated through AWS IAM Identity Center . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in IAM Identity Center . User and group assignment must be done through the WorkSpaces Web console. These cannot be configured in CloudFormation.
+        ``IAM Identity Center`` web portals are authenticated through AWS IAM Identity Center . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in IAM Identity Center . User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspacesweb-portal.html#cfn-workspacesweb-portal-authenticationtype
         '''
@@ -2339,7 +2339,7 @@ class CfnUserAccessLoggingSettings(
 ):
     '''This resource specifies user access logging settings that can be associated with a web portal.
 
-    In order to receive logs from WorkSpaces Web, you must have an Amazon Kinesis Data Stream that starts with "amazon-workspaces-web-*". Your Amazon Kinesis data stream must either have server-side encryption turned off, or must use AWS managed keys for server-side encryption.
+    In order to receive logs from WorkSpaces Secure Browser, you must have an Amazon Kinesis Data Stream that starts with "amazon-workspaces-web-*". Your Amazon Kinesis data stream must either have server-side encryption turned off, or must use AWS managed keys for server-side encryption.
 
     For more information about setting server-side encryption in Amazon Kinesis , see `How Do I Get Started with Server-Side Encryption? <https://docs.aws.amazon.com/streams/latest/dev/getting-started-with-sse.html>`_ .
 

{aws_cdk_lib-2.146.0.dist-info → aws_cdk_lib-2.147.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk-lib
-Version: 2.146.0
+Version: 2.147.1
 Summary: Version 2 of the AWS Cloud Development Kit library
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services