aws-cdk-lib 2.147.3__py3-none-any.whl → 2.148.0__py3-none-any.whl

aws_cdk/aws_codecommit/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS CodeCommit Construct Library
 
 AWS CodeCommit is a version control service that enables you to privately store and manage Git repositories in the AWS cloud.

aws_cdk/aws_codeconnections/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::CodeConnections Construct Library
 
 <!--BEGIN STABILITY BANNER-->---

aws_cdk/aws_codedeploy/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS CodeDeploy Construct Library
 
 ## Table of Contents
@@ -92,7 +92,10 @@ deployment_group = codedeploy.ServerDeploymentGroup(self, "CodeDeployDeploymentG
         failed_deployment=True,  # default: true
         stopped_deployment=True,  # default: false
         deployment_in_alarm=True
-    )
+    ),
+    # whether the deployment group was configured to have CodeDeploy install a termination hook into an Auto Scaling group
+    # default: false
+    termination_hook=True
 )
 ```
 
@@ -858,7 +861,10 @@ class AutoRollbackConfig:
                     failed_deployment=True,  # default: true
                     stopped_deployment=True,  # default: false
                     deployment_in_alarm=True
-                )
+                ),
+                # whether the deployment group was configured to have CodeDeploy install a termination hook into an Auto Scaling group
+                # default: false
+                termination_hook=True
             )
         '''
         if __debug__:
@@ -6987,7 +6993,10 @@ class InstanceTagSet(
                 failed_deployment=True,  # default: true
                 stopped_deployment=True,  # default: false
                 deployment_in_alarm=True
-            )
+            ),
+            # whether the deployment group was configured to have CodeDeploy install a termination hook into an Auto Scaling group
+            # default: false
+            termination_hook=True
         )
     '''
 
@@ -8262,6 +8271,7 @@ class ServerDeploymentGroup(
         load_balancers: typing.Optional[typing.Sequence[LoadBalancer]] = None,
         on_premise_instance_tags: typing.Optional[InstanceTagSet] = None,
         role: typing.Optional[_IRole_235f5d8e] = None,
+        termination_hook: typing.Optional[builtins.bool] = None,
     ) -> None:
         '''
         :param scope: -
@@ -8280,6 +8290,7 @@ class ServerDeploymentGroup(
         :param load_balancers: CodeDeploy supports the deployment to multiple load balancers. Specify either multiple Classic Load Balancers, or Application Load Balancers / Network Load Balancers Target Groups. Default: - Deployment Group will not have load balancers defined.
         :param on_premise_instance_tags: All on-premise instances matching the given set of tags when a deployment occurs will be added to this Deployment Group. Default: - No additional on-premise instances will be added to the Deployment Group.
         :param role: The service Role of this Deployment Group. Default: - A new Role will be created.
+        :param termination_hook: Indicates whether the deployment group was configured to have CodeDeploy install a termination hook into an Auto Scaling group. Default: - false
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e0364d4b48c02675a1899e742e45b411f0e83905e634a84441d088a41fe25c8f)
@@ -8300,6 +8311,7 @@ class ServerDeploymentGroup(
             load_balancers=load_balancers,
             on_premise_instance_tags=on_premise_instance_tags,
             role=role,
+            termination_hook=termination_hook,
         )
 
         jsii.create(self.__class__, self, [scope, id, props])
@@ -8495,6 +8507,7 @@ class ServerDeploymentGroupAttributes:
         "load_balancers": "loadBalancers",
         "on_premise_instance_tags": "onPremiseInstanceTags",
         "role": "role",
+        "termination_hook": "terminationHook",
     },
 )
 class ServerDeploymentGroupProps:
@@ -8515,6 +8528,7 @@ class ServerDeploymentGroupProps:
         load_balancers: typing.Optional[typing.Sequence[LoadBalancer]] = None,
         on_premise_instance_tags: typing.Optional[InstanceTagSet] = None,
         role: typing.Optional[_IRole_235f5d8e] = None,
+        termination_hook: typing.Optional[builtins.bool] = None,
     ) -> None:
         '''Construction properties for ``ServerDeploymentGroup``.
 
@@ -8532,6 +8546,7 @@ class ServerDeploymentGroupProps:
         :param load_balancers: CodeDeploy supports the deployment to multiple load balancers. Specify either multiple Classic Load Balancers, or Application Load Balancers / Network Load Balancers Target Groups. Default: - Deployment Group will not have load balancers defined.
         :param on_premise_instance_tags: All on-premise instances matching the given set of tags when a deployment occurs will be added to this Deployment Group. Default: - No additional on-premise instances will be added to the Deployment Group.
         :param role: The service Role of this Deployment Group. Default: - A new Role will be created.
+        :param termination_hook: Indicates whether the deployment group was configured to have CodeDeploy install a termination hook into an Auto Scaling group. Default: - false
 
         :exampleMetadata: infused
 
@@ -8564,6 +8579,7 @@ class ServerDeploymentGroupProps:
             check_type(argname="argument load_balancers", value=load_balancers, expected_type=type_hints["load_balancers"])
             check_type(argname="argument on_premise_instance_tags", value=on_premise_instance_tags, expected_type=type_hints["on_premise_instance_tags"])
             check_type(argname="argument role", value=role, expected_type=type_hints["role"])
+            check_type(argname="argument termination_hook", value=termination_hook, expected_type=type_hints["termination_hook"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if alarms is not None:
             self._values["alarms"] = alarms
@@ -8593,6 +8609,8 @@ class ServerDeploymentGroupProps:
             self._values["on_premise_instance_tags"] = on_premise_instance_tags
         if role is not None:
             self._values["role"] = role
+        if termination_hook is not None:
+            self._values["termination_hook"] = termination_hook
 
     @builtins.property
     def alarms(self) -> typing.Optional[typing.List[_IAlarm_ff3eabc0]]:
@@ -8747,6 +8765,17 @@ class ServerDeploymentGroupProps:
         result = self._values.get("role")
         return typing.cast(typing.Optional[_IRole_235f5d8e], result)
 
+    @builtins.property
+    def termination_hook(self) -> typing.Optional[builtins.bool]:
+        '''Indicates whether the deployment group was configured to have CodeDeploy install a termination hook into an Auto Scaling group.
+
+        :default: - false
+
+        :see: https://docs.aws.amazon.com/codedeploy/latest/userguide/integrations-aws-auto-scaling.html#integrations-aws-auto-scaling-behaviors
+        '''
+        result = self._values.get("termination_hook")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -11023,6 +11052,7 @@ def _typecheckingstub__e0364d4b48c02675a1899e742e45b411f0e83905e634a84441d088a41
     load_balancers: typing.Optional[typing.Sequence[LoadBalancer]] = None,
     on_premise_instance_tags: typing.Optional[InstanceTagSet] = None,
     role: typing.Optional[_IRole_235f5d8e] = None,
+    termination_hook: typing.Optional[builtins.bool] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -11075,6 +11105,7 @@ def _typecheckingstub__a3ad41a581be1a234fd5722299d51aa77bd7beaf51e0511c95ee742d4
     load_balancers: typing.Optional[typing.Sequence[LoadBalancer]] = None,
     on_premise_instance_tags: typing.Optional[InstanceTagSet] = None,
     role: typing.Optional[_IRole_235f5d8e] = None,
+    termination_hook: typing.Optional[builtins.bool] = None,
 ) -> None:
     """Type checking stubs"""
     pass

aws_cdk/aws_codeguruprofiler/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::CodeGuruProfiler Construct Library
 
 Amazon CodeGuru Profiler collects runtime performance data from your live applications, and provides recommendations that can help you fine-tune your application performance.

aws_cdk/aws_codegurureviewer/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::CodeGuruReviewer Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_codepipeline/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS CodePipeline Construct Library
 
 ## Pipeline

aws_cdk/aws_codepipeline_actions/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS CodePipeline Actions
 
 This package contains Actions that can be used in a CodePipeline.

aws_cdk/aws_codestar/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::CodeStar Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_codestarconnections/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::CodeStarConnections Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_codestarnotifications/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS CodeStarNotifications Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_cognito/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # Amazon Cognito Construct Library
 
 [Amazon Cognito](https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html) provides
@@ -718,6 +718,24 @@ pool.add_client("app-client",
 )
 ```
 
+To set a default redirect URI, use the `defaultRedirectUri` property.
+Its value must be present in the `callbackUrls` list.
+
+```python
+pool = cognito.UserPool(self, "Pool")
+pool.add_client("app-client",
+    o_auth=cognito.OAuthSettings(
+        flows=cognito.OAuthFlows(
+            authorization_code_grant=True
+        ),
+        scopes=[cognito.OAuthScope.OPENID],
+        default_redirect_uri="https://my-app-domain.com/welcome",
+        callback_urls=["https://my-app-domain.com/welcome", "https://my-app-domain.com/hello"],
+        logout_urls=["https://my-app-domain.com/signin"]
+    )
+)
+```
+
 An app client can be configured to prevent user existence errors. This
 instructs the Cognito authentication API to return generic authentication
 failure responses instead of an UserNotFoundException. By default, the flag
@@ -6530,7 +6548,7 @@ class CfnUserPoolClient(
         :param auth_session_validity: Amazon Cognito creates a session token for each API request in an authentication flow. ``AuthSessionValidity`` is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires.
         :param callback_ur_ls: A list of allowed redirect (callback) URLs for the IdPs. A redirect URI must: - Be an absolute URI. - Be registered with the authorization server. - Not include a fragment component. See `OAuth 2.0 - Redirection Endpoint <https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2>`_ . Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only. App callback URLs such as myapp://example are also supported.
         :param client_name: The client name for the user pool client you would like to create.
-        :param default_redirect_uri: The default redirect URI. Must be in the ``CallbackURLs`` list. A redirect URI must: - Be an absolute URI. - Be registered with the authorization server. - Not include a fragment component. See `OAuth 2.0 - Redirection Endpoint <https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2>`_ . Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only. App callback URLs such as myapp://example are also supported.
+        :param default_redirect_uri: The default redirect URI. In app clients with one assigned IdP, replaces ``redirect_uri`` in authentication requests. Must be in the ``CallbackURLs`` list. A redirect URI must: - Be an absolute URI. - Be registered with the authorization server. - Not include a fragment component. For more information, see `Default redirect URI <https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#cognito-user-pools-app-idp-settings-about>`_ . Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only. App callback URLs such as myapp://example are also supported.
         :param enable_propagate_additional_user_context_data: Activates the propagation of additional user context data. For more information about propagation of user context data, see `Adding advanced security to a user pool <https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html>`_ . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate ``EnablePropagateAdditionalUserContextData`` in an app client that has a client secret.
         :param enable_token_revocation: Activates or deactivates token revocation. For more information about revoking tokens, see `RevokeToken <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html>`_ . If you don't include this parameter, token revocation is automatically activated for the new user pool client.
         :param explicit_auth_flows: The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. .. epigraph:: If you don't specify a value for ``ExplicitAuthFlows`` , your user client supports ``ALLOW_REFRESH_TOKEN_AUTH`` , ``ALLOW_USER_SRP_AUTH`` , and ``ALLOW_CUSTOM_AUTH`` . Valid values include: - ``ALLOW_ADMIN_USER_PASSWORD_AUTH`` : Enable admin based user password authentication flow ``ADMIN_USER_PASSWORD_AUTH`` . This setting replaces the ``ADMIN_NO_SRP_AUTH`` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password. - ``ALLOW_CUSTOM_AUTH`` : Enable Lambda trigger based authentication. - ``ALLOW_USER_PASSWORD_AUTH`` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords. - ``ALLOW_USER_SRP_AUTH`` : Enable SRP-based authentication. - ``ALLOW_REFRESH_TOKEN_AUTH`` : Enable authflow to refresh tokens. In some environments, you will see the values ``ADMIN_NO_SRP_AUTH`` , ``CUSTOM_AUTH_FLOW_ONLY`` , or ``USER_PASSWORD_AUTH`` . You can't assign these legacy ``ExplicitAuthFlows`` values to user pool clients at the same time as values that begin with ``ALLOW_`` , like ``ALLOW_USER_SRP_AUTH`` .
@@ -6771,10 +6789,7 @@ class CfnUserPoolClient(
     @builtins.property
     @jsii.member(jsii_name="defaultRedirectUri")
     def default_redirect_uri(self) -> typing.Optional[builtins.str]:
-        '''The default redirect URI.
-
-        Must be in the ``CallbackURLs`` list.
-        '''
+        '''The default redirect URI.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "defaultRedirectUri"))
 
     @default_redirect_uri.setter
@@ -7273,7 +7288,7 @@ class CfnUserPoolClientProps:
         :param auth_session_validity: Amazon Cognito creates a session token for each API request in an authentication flow. ``AuthSessionValidity`` is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires.
         :param callback_ur_ls: A list of allowed redirect (callback) URLs for the IdPs. A redirect URI must: - Be an absolute URI. - Be registered with the authorization server. - Not include a fragment component. See `OAuth 2.0 - Redirection Endpoint <https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2>`_ . Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only. App callback URLs such as myapp://example are also supported.
         :param client_name: The client name for the user pool client you would like to create.
-        :param default_redirect_uri: The default redirect URI. Must be in the ``CallbackURLs`` list. A redirect URI must: - Be an absolute URI. - Be registered with the authorization server. - Not include a fragment component. See `OAuth 2.0 - Redirection Endpoint <https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2>`_ . Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only. App callback URLs such as myapp://example are also supported.
+        :param default_redirect_uri: The default redirect URI. In app clients with one assigned IdP, replaces ``redirect_uri`` in authentication requests. Must be in the ``CallbackURLs`` list. A redirect URI must: - Be an absolute URI. - Be registered with the authorization server. - Not include a fragment component. For more information, see `Default redirect URI <https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#cognito-user-pools-app-idp-settings-about>`_ . Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only. App callback URLs such as myapp://example are also supported.
         :param enable_propagate_additional_user_context_data: Activates the propagation of additional user context data. For more information about propagation of user context data, see `Adding advanced security to a user pool <https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html>`_ . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate ``EnablePropagateAdditionalUserContextData`` in an app client that has a client secret.
         :param enable_token_revocation: Activates or deactivates token revocation. For more information about revoking tokens, see `RevokeToken <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html>`_ . If you don't include this parameter, token revocation is automatically activated for the new user pool client.
         :param explicit_auth_flows: The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. .. epigraph:: If you don't specify a value for ``ExplicitAuthFlows`` , your user client supports ``ALLOW_REFRESH_TOKEN_AUTH`` , ``ALLOW_USER_SRP_AUTH`` , and ``ALLOW_CUSTOM_AUTH`` . Valid values include: - ``ALLOW_ADMIN_USER_PASSWORD_AUTH`` : Enable admin based user password authentication flow ``ADMIN_USER_PASSWORD_AUTH`` . This setting replaces the ``ADMIN_NO_SRP_AUTH`` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password. - ``ALLOW_CUSTOM_AUTH`` : Enable Lambda trigger based authentication. - ``ALLOW_USER_PASSWORD_AUTH`` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords. - ``ALLOW_USER_SRP_AUTH`` : Enable SRP-based authentication. - ``ALLOW_REFRESH_TOKEN_AUTH`` : Enable authflow to refresh tokens. In some environments, you will see the values ``ADMIN_NO_SRP_AUTH`` , ``CUSTOM_AUTH_FLOW_ONLY`` , or ``USER_PASSWORD_AUTH`` . You can't assign these legacy ``ExplicitAuthFlows`` values to user pool clients at the same time as values that begin with ``ALLOW_`` , like ``ALLOW_USER_SRP_AUTH`` .
@@ -7532,7 +7547,9 @@ class CfnUserPoolClientProps:
 
     @builtins.property
     def default_redirect_uri(self) -> typing.Optional[builtins.str]:
-        '''The default redirect URI. Must be in the ``CallbackURLs`` list.
+        '''The default redirect URI.
+
+        In app clients with one assigned IdP, replaces ``redirect_uri`` in authentication requests. Must be in the ``CallbackURLs`` list.
 
         A redirect URI must:
 
@@ -7540,7 +7557,7 @@ class CfnUserPoolClientProps:
         - Be registered with the authorization server.
         - Not include a fragment component.
 
-        See `OAuth 2.0 - Redirection Endpoint <https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2>`_ .
+        For more information, see `Default redirect URI <https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#cognito-user-pools-app-idp-settings-about>`_ .
 
         Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
 
@@ -9414,15 +9431,6 @@ class CfnUserPoolResourceServer(
         '''The CloudFormation resource type name for this resource class.'''
         return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
 
-    @builtins.property
-    @jsii.member(jsii_name="attrId")
-    def attr_id(self) -> builtins.str:
-        '''The resource ID.
-
-        :cloudformationAttribute: Id
-        '''
-        return typing.cast(builtins.str, jsii.get(self, "attrId"))
-
     @builtins.property
     @jsii.member(jsii_name="cfnProperties")
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
@@ -13588,6 +13596,7 @@ class OAuthScope(
     jsii_struct_bases=[],
     name_mapping={
         "callback_urls": "callbackUrls",
+        "default_redirect_uri": "defaultRedirectUri",
         "flows": "flows",
         "logout_urls": "logoutUrls",
         "scopes": "scopes",
@@ -13598,6 +13607,7 @@ class OAuthSettings:
         self,
         *,
         callback_urls: typing.Optional[typing.Sequence[builtins.str]] = None,
+        default_redirect_uri: typing.Optional[builtins.str] = None,
         flows: typing.Optional[typing.Union[OAuthFlows, typing.Dict[builtins.str, typing.Any]]] = None,
         logout_urls: typing.Optional[typing.Sequence[builtins.str]] = None,
         scopes: typing.Optional[typing.Sequence[OAuthScope]] = None,
@@ -13605,6 +13615,7 @@ class OAuthSettings:
         '''OAuth settings to configure the interaction between the app and this client.
 
         :param callback_urls: List of allowed redirect URLs for the identity providers. Default: - ['https://example.com'] if either authorizationCodeGrant or implicitCodeGrant flows are enabled, no callback URLs otherwise.
+        :param default_redirect_uri: The default redirect URI. Must be in the ``callbackUrls`` list. A redirect URI must: - Be an absolute URI - Be registered with the authorization server. - Not include a fragment component. Default: - no default redirect URI
         :param flows: OAuth flows that are allowed with this client. Default: {authorizationCodeGrant:true,implicitCodeGrant:true}
         :param logout_urls: List of allowed logout URLs for the identity providers. Default: - no logout URLs
         :param scopes: OAuth scopes that are allowed with this client. Default: [OAuthScope.PHONE,OAuthScope.EMAIL,OAuthScope.OPENID,OAuthScope.PROFILE,OAuthScope.COGNITO_ADMIN]
@@ -13644,12 +13655,15 @@ class OAuthSettings:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__9322fee969a93d621a972830c0fca7f51a16c368668af0d6da355939ca39b708)
             check_type(argname="argument callback_urls", value=callback_urls, expected_type=type_hints["callback_urls"])
+            check_type(argname="argument default_redirect_uri", value=default_redirect_uri, expected_type=type_hints["default_redirect_uri"])
             check_type(argname="argument flows", value=flows, expected_type=type_hints["flows"])
             check_type(argname="argument logout_urls", value=logout_urls, expected_type=type_hints["logout_urls"])
             check_type(argname="argument scopes", value=scopes, expected_type=type_hints["scopes"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if callback_urls is not None:
             self._values["callback_urls"] = callback_urls
+        if default_redirect_uri is not None:
+            self._values["default_redirect_uri"] = default_redirect_uri
         if flows is not None:
             self._values["flows"] = flows
         if logout_urls is not None:
@@ -13666,6 +13680,29 @@ class OAuthSettings:
         result = self._values.get("callback_urls")
         return typing.cast(typing.Optional[typing.List[builtins.str]], result)
 
+    @builtins.property
+    def default_redirect_uri(self) -> typing.Optional[builtins.str]:
+        '''The default redirect URI. Must be in the ``callbackUrls`` list.
+
+        A redirect URI must:
+
+        - Be an absolute URI
+        - Be registered with the authorization server.
+        - Not include a fragment component.
+
+        :default: - no default redirect URI
+
+        :see:
+
+        https://tools.ietf.org/html/rfc6749#section-3.1.2
+
+        Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
+
+        App callback URLs such as myapp://example are also supported.
+        '''
+        result = self._values.get("default_redirect_uri")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def flows(self) -> typing.Optional[OAuthFlows]:
         '''OAuth flows that are allowed with this client.
@@ -22570,6 +22607,7 @@ def _typecheckingstub__b161664ae7bfb1838c23dd6d7b35e7c009bedb80545b644df24485522
 def _typecheckingstub__9322fee969a93d621a972830c0fca7f51a16c368668af0d6da355939ca39b708(
     *,
     callback_urls: typing.Optional[typing.Sequence[builtins.str]] = None,
+    default_redirect_uri: typing.Optional[builtins.str] = None,
     flows: typing.Optional[typing.Union[OAuthFlows, typing.Dict[builtins.str, typing.Any]]] = None,
     logout_urls: typing.Optional[typing.Sequence[builtins.str]] = None,
     scopes: typing.Optional[typing.Sequence[OAuthScope]] = None,

aws_cdk/aws_comprehend/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::Comprehend Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_config/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS Config Construct Library
 
 [AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html) provides a detailed view of the configuration of AWS resources in your AWS account.

aws_cdk/aws_connect/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::Connect Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_connectcampaigns/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::ConnectCampaigns Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_controltower/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::ControlTower Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_cur/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::CUR Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_customerprofiles/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::CustomerProfiles Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_databrew/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::DataBrew Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_datapipeline/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS Data Pipeline Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_datasync/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::DataSync Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
@@ -109,10 +109,10 @@ class CfnAgent(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param activation_key: Specifies your DataSync agent's activation key. If you don't have an activation key, see `Activate your agent <https://docs.aws.amazon.com/datasync/latest/userguide/activate-agent.html>`_ .
-        :param agent_name: Specifies a name for your agent. You can see this name in the DataSync console.
+        :param activation_key: Specifies your DataSync agent's activation key. If you don't have an activation key, see `Activating your agent <https://docs.aws.amazon.com/datasync/latest/userguide/activate-agent.html>`_ .
+        :param agent_name: Specifies a name for your agent. We recommend specifying a name that you can remember.
         :param security_group_arns: The Amazon Resource Names (ARNs) of the security groups used to protect your data transfer task subnets. See `SecurityGroupArns <https://docs.aws.amazon.com/datasync/latest/userguide/API_Ec2Config.html#DataSync-Type-Ec2Config-SecurityGroupArns>`_ . *Pattern* : ``^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\\-0-9]*:[0-9]{12}:security-group/.*$``
-        :param subnet_arns: Specifies the ARN of the subnet where you want to run your DataSync task when using a VPC endpoint. This is the subnet where DataSync creates and manages the `network interfaces <https://docs.aws.amazon.com/datasync/latest/userguide/datasync-network.html#required-network-interfaces>`_ for your transfer. You can only specify one ARN.
+        :param subnet_arns: Specifies the ARN of the subnet where your VPC service endpoint is located. You can only specify one ARN.
         :param tags: Specifies labels that help you categorize, filter, and search for your AWS resources. We recommend creating at least one tag for your agent.
         :param vpc_endpoint_id: The ID of the virtual private cloud (VPC) endpoint that the agent has access to. This is the client-side VPC endpoint, powered by AWS PrivateLink . If you don't have an AWS PrivateLink VPC endpoint, see `AWS PrivateLink and VPC endpoints <https://docs.aws.amazon.com//vpc/latest/userguide/endpoint-services-overview.html>`_ in the *Amazon VPC User Guide* . For more information about activating your agent in a private network based on a VPC, see `Using AWS DataSync in a Virtual Private Cloud <https://docs.aws.amazon.com/datasync/latest/userguide/datasync-in-vpc.html>`_ in the *AWS DataSync User Guide.* A VPC endpoint ID looks like this: ``vpce-01234d5aff67890e1`` .
         '''
@@ -239,7 +239,7 @@ class CfnAgent(
     @builtins.property
     @jsii.member(jsii_name="subnetArns")
     def subnet_arns(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''Specifies the ARN of the subnet where you want to run your DataSync task when using a VPC endpoint.'''
+        '''Specifies the ARN of the subnet where your VPC service endpoint is located.'''
         return typing.cast(typing.Optional[typing.List[builtins.str]], jsii.get(self, "subnetArns"))
 
     @subnet_arns.setter
@@ -301,10 +301,10 @@ class CfnAgentProps:
     ) -> None:
         '''Properties for defining a ``CfnAgent``.
 
-        :param activation_key: Specifies your DataSync agent's activation key. If you don't have an activation key, see `Activate your agent <https://docs.aws.amazon.com/datasync/latest/userguide/activate-agent.html>`_ .
-        :param agent_name: Specifies a name for your agent. You can see this name in the DataSync console.
+        :param activation_key: Specifies your DataSync agent's activation key. If you don't have an activation key, see `Activating your agent <https://docs.aws.amazon.com/datasync/latest/userguide/activate-agent.html>`_ .
+        :param agent_name: Specifies a name for your agent. We recommend specifying a name that you can remember.
         :param security_group_arns: The Amazon Resource Names (ARNs) of the security groups used to protect your data transfer task subnets. See `SecurityGroupArns <https://docs.aws.amazon.com/datasync/latest/userguide/API_Ec2Config.html#DataSync-Type-Ec2Config-SecurityGroupArns>`_ . *Pattern* : ``^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\\-0-9]*:[0-9]{12}:security-group/.*$``
-        :param subnet_arns: Specifies the ARN of the subnet where you want to run your DataSync task when using a VPC endpoint. This is the subnet where DataSync creates and manages the `network interfaces <https://docs.aws.amazon.com/datasync/latest/userguide/datasync-network.html#required-network-interfaces>`_ for your transfer. You can only specify one ARN.
+        :param subnet_arns: Specifies the ARN of the subnet where your VPC service endpoint is located. You can only specify one ARN.
         :param tags: Specifies labels that help you categorize, filter, and search for your AWS resources. We recommend creating at least one tag for your agent.
         :param vpc_endpoint_id: The ID of the virtual private cloud (VPC) endpoint that the agent has access to. This is the client-side VPC endpoint, powered by AWS PrivateLink . If you don't have an AWS PrivateLink VPC endpoint, see `AWS PrivateLink and VPC endpoints <https://docs.aws.amazon.com//vpc/latest/userguide/endpoint-services-overview.html>`_ in the *Amazon VPC User Guide* . For more information about activating your agent in a private network based on a VPC, see `Using AWS DataSync in a Virtual Private Cloud <https://docs.aws.amazon.com/datasync/latest/userguide/datasync-in-vpc.html>`_ in the *AWS DataSync User Guide.* A VPC endpoint ID looks like this: ``vpce-01234d5aff67890e1`` .
 
@@ -355,7 +355,7 @@ class CfnAgentProps:
     def activation_key(self) -> typing.Optional[builtins.str]:
         '''Specifies your DataSync agent's activation key.
 
-        If you don't have an activation key, see `Activate your agent <https://docs.aws.amazon.com/datasync/latest/userguide/activate-agent.html>`_ .
+        If you don't have an activation key, see `Activating your agent <https://docs.aws.amazon.com/datasync/latest/userguide/activate-agent.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-datasync-agent.html#cfn-datasync-agent-activationkey
         '''
@@ -366,7 +366,7 @@ class CfnAgentProps:
     def agent_name(self) -> typing.Optional[builtins.str]:
         '''Specifies a name for your agent.
 
-        You can see this name in the DataSync console.
+        We recommend specifying a name that you can remember.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-datasync-agent.html#cfn-datasync-agent-agentname
         '''
@@ -388,9 +388,9 @@ class CfnAgentProps:
 
     @builtins.property
     def subnet_arns(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''Specifies the ARN of the subnet where you want to run your DataSync task when using a VPC endpoint.
+        '''Specifies the ARN of the subnet where your VPC service endpoint is located.
 
-        This is the subnet where DataSync creates and manages the `network interfaces <https://docs.aws.amazon.com/datasync/latest/userguide/datasync-network.html#required-network-interfaces>`_ for your transfer. You can only specify one ARN.
+        You can only specify one ARN.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-datasync-agent.html#cfn-datasync-agent-subnetarns
         '''

aws_cdk/aws_datazone/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::DataZone Construct Library
 
 <!--BEGIN STABILITY BANNER-->---

aws_cdk/aws_dax/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # Amazon DynamoDB Accelerator Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_deadline/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::Deadline Construct Library
 
 <!--BEGIN STABILITY BANNER-->---
@@ -3240,7 +3240,8 @@ class CfnMonitor(
     @builtins.property
     @jsii.member(jsii_name="attrArn")
     def attr_arn(self) -> builtins.str:
-        '''
+        '''The Amazon Resource Name (ARN) of the monitor.
+
         :cloudformationAttribute: Arn
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrArn"))

aws_cdk/aws_detective/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::Detective Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_devicefarm/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::DeviceFarm Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_devopsguru/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::DevOpsGuru Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_directoryservice/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS Directory Service Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_dlm/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # Amazon Data Lifecycle Manager Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

aws_cdk/aws_dms/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS Database Migration Service Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
@@ -9514,7 +9514,7 @@ class CfnReplicationConfig(
     @builtins.property
     @jsii.member(jsii_name="attrReplicationConfigArn")
     def attr_replication_config_arn(self) -> builtins.str:
-        '''The Amazon Resource Name (ARN) of the Replication Config.
+        '''The Amazon Resource Name (ARN) of this AWS DMS Serverless replication configuration.
 
         :cloudformationAttribute: ReplicationConfigArn
         '''

aws_cdk/aws_docdb/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # Amazon DocumentDB Construct Library
 
 ## Starting a Clustered Database

aws_cdk/aws_docdbelastic/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS::DocDBElastic Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.