aws-cdk-lib 2.148.0__py3-none-any.whl → 2.149.0__py3-none-any.whl

aws_cdk/aws_stepfunctions_tasks/__init__.py

@@ -316,6 +316,28 @@ start_query_execution_job = tasks.AthenaStartQueryExecution(self, "Start Athena
 )
 ```
 
+You can reuse the query results by setting the `resultReuseConfigurationMaxAge` property.
+
+```python
+start_query_execution_job = tasks.AthenaStartQueryExecution(self, "Start Athena Query",
+    query_string=sfn.JsonPath.string_at("$.queryString"),
+    query_execution_context=tasks.QueryExecutionContext(
+        database_name="mydatabase"
+    ),
+    result_configuration=tasks.ResultConfiguration(
+        encryption_configuration=tasks.EncryptionConfiguration(
+            encryption_option=tasks.EncryptionOption.S3_MANAGED
+        ),
+        output_location=s3.Location(
+            bucket_name="query-results-bucket",
+            object_key="folder"
+        )
+    ),
+    execution_parameters=["param1", "param2"],
+    result_reuse_configuration_max_age=Duration.minutes(100)
+)
+```
+
 ### GetQueryExecution
 
 The [GetQueryExecution](https://docs.aws.amazon.com/athena/latest/APIReference/API_GetQueryExecution.html) API gets information about a single execution of a query.
@@ -398,6 +420,30 @@ task = tasks.BedrockInvokeModel(self, "Prompt Model",
 )
 ```
 
+You can apply a guardrail to the invocation by setting `guardrail`.
+
+```python
+import aws_cdk.aws_bedrock as bedrock
+
+
+model = bedrock.FoundationModel.from_foundation_model_id(self, "Model", bedrock.FoundationModelIdentifier.AMAZON_TITAN_TEXT_G1_EXPRESS_V1)
+
+task = tasks.BedrockInvokeModel(self, "Prompt Model with guardrail",
+    model=model,
+    body=sfn.TaskInput.from_object({
+        "input_text": "Generate a list of five first names.",
+        "text_generation_config": {
+            "max_token_count": 100,
+            "temperature": 1
+        }
+    }),
+    guardrail=tasks.Guardrail.enable("guardrailId", 1),
+    result_selector={
+        "names": sfn.JsonPath.string_at("$.Body.results[0].outputText")
+    }
+)
+```
+
 ## CodeBuild
 
 Step Functions supports [CodeBuild](https://docs.aws.amazon.com/step-functions/latest/dg/connect-codebuild.html) through the service integration pattern.
@@ -3018,6 +3064,7 @@ class AthenaStartQueryExecution(
         execution_parameters: typing.Optional[typing.Sequence[builtins.str]] = None,
         query_execution_context: typing.Optional[typing.Union["QueryExecutionContext", typing.Dict[builtins.str, typing.Any]]] = None,
         result_configuration: typing.Optional[typing.Union["ResultConfiguration", typing.Dict[builtins.str, typing.Any]]] = None,
+        result_reuse_configuration_max_age: typing.Optional[_Duration_4839e8c3] = None,
         work_group: typing.Optional[builtins.str] = None,
         comment: typing.Optional[builtins.str] = None,
         credentials: typing.Optional[typing.Union[_Credentials_2cd64c6b, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -3040,6 +3087,7 @@ class AthenaStartQueryExecution(
         :param execution_parameters: A list of values for the parameters in a query. The values are applied sequentially to the parameters in the query in the order in which the parameters occur. Default: - No parameters
         :param query_execution_context: Database within which query executes. Default: - No query execution context
         :param result_configuration: Configuration on how and where to save query. Default: - No result configuration
+        :param result_reuse_configuration_max_age: Specifies, in minutes, the maximum age of a previous query result that Athena should consider for reuse. Default: - Query results are not reused
         :param work_group: Configuration on how and where to save query. Default: - No work group
         :param comment: An optional description for this state. Default: - No comment
         :param credentials: Credentials for an IAM Role that the State Machine assumes for executing the task. This enables cross-account resource invocations. Default: - None (Task is executed using the State Machine's execution role)
@@ -3064,6 +3112,7 @@ class AthenaStartQueryExecution(
             execution_parameters=execution_parameters,
             query_execution_context=query_execution_context,
             result_configuration=result_configuration,
+            result_reuse_configuration_max_age=result_reuse_configuration_max_age,
             work_group=work_group,
             comment=comment,
             credentials=credentials,
@@ -3113,6 +3162,7 @@ class AthenaStartQueryExecution(
         "execution_parameters": "executionParameters",
         "query_execution_context": "queryExecutionContext",
         "result_configuration": "resultConfiguration",
+        "result_reuse_configuration_max_age": "resultReuseConfigurationMaxAge",
         "work_group": "workGroup",
     },
 )
@@ -3137,6 +3187,7 @@ class AthenaStartQueryExecutionProps(_TaskStateBaseProps_3a62b6d0):
         execution_parameters: typing.Optional[typing.Sequence[builtins.str]] = None,
         query_execution_context: typing.Optional[typing.Union["QueryExecutionContext", typing.Dict[builtins.str, typing.Any]]] = None,
         result_configuration: typing.Optional[typing.Union["ResultConfiguration", typing.Dict[builtins.str, typing.Any]]] = None,
+        result_reuse_configuration_max_age: typing.Optional[_Duration_4839e8c3] = None,
         work_group: typing.Optional[builtins.str] = None,
     ) -> None:
         '''Properties for starting a Query Execution.
@@ -3158,6 +3209,7 @@ class AthenaStartQueryExecutionProps(_TaskStateBaseProps_3a62b6d0):
         :param execution_parameters: A list of values for the parameters in a query. The values are applied sequentially to the parameters in the query in the order in which the parameters occur. Default: - No parameters
         :param query_execution_context: Database within which query executes. Default: - No query execution context
         :param result_configuration: Configuration on how and where to save query. Default: - No result configuration
+        :param result_reuse_configuration_max_age: Specifies, in minutes, the maximum age of a previous query result that Athena should consider for reuse. Default: - Query results are not reused
         :param work_group: Configuration on how and where to save query. Default: - No work group
 
         :exampleMetadata: infused
@@ -3206,6 +3258,7 @@ class AthenaStartQueryExecutionProps(_TaskStateBaseProps_3a62b6d0):
             check_type(argname="argument execution_parameters", value=execution_parameters, expected_type=type_hints["execution_parameters"])
             check_type(argname="argument query_execution_context", value=query_execution_context, expected_type=type_hints["query_execution_context"])
             check_type(argname="argument result_configuration", value=result_configuration, expected_type=type_hints["result_configuration"])
+            check_type(argname="argument result_reuse_configuration_max_age", value=result_reuse_configuration_max_age, expected_type=type_hints["result_reuse_configuration_max_age"])
             check_type(argname="argument work_group", value=work_group, expected_type=type_hints["work_group"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "query_string": query_string,
@@ -3242,6 +3295,8 @@ class AthenaStartQueryExecutionProps(_TaskStateBaseProps_3a62b6d0):
             self._values["query_execution_context"] = query_execution_context
         if result_configuration is not None:
             self._values["result_configuration"] = result_configuration
+        if result_reuse_configuration_max_age is not None:
+            self._values["result_reuse_configuration_max_age"] = result_reuse_configuration_max_age
         if work_group is not None:
             self._values["work_group"] = work_group
 
@@ -3446,6 +3501,15 @@ class AthenaStartQueryExecutionProps(_TaskStateBaseProps_3a62b6d0):
         result = self._values.get("result_configuration")
         return typing.cast(typing.Optional["ResultConfiguration"], result)
 
+    @builtins.property
+    def result_reuse_configuration_max_age(self) -> typing.Optional[_Duration_4839e8c3]:
+        '''Specifies, in minutes, the maximum age of a previous query result that Athena should consider for reuse.
+
+        :default: - Query results are not reused
+        '''
+        result = self._values.get("result_reuse_configuration_max_age")
+        return typing.cast(typing.Optional[_Duration_4839e8c3], result)
+
     @builtins.property
     def work_group(self) -> typing.Optional[builtins.str]:
         '''Configuration on how and where to save query.
@@ -4660,8 +4724,10 @@ class BedrockInvokeModel(
         accept: typing.Optional[builtins.str] = None,
         body: typing.Optional[_TaskInput_91b91b91] = None,
         content_type: typing.Optional[builtins.str] = None,
+        guardrail: typing.Optional["Guardrail"] = None,
         input: typing.Optional[typing.Union["BedrockInvokeModelInputProps", typing.Dict[builtins.str, typing.Any]]] = None,
         output: typing.Optional[typing.Union["BedrockInvokeModelOutputProps", typing.Dict[builtins.str, typing.Any]]] = None,
+        trace_enabled: typing.Optional[builtins.bool] = None,
         comment: typing.Optional[builtins.str] = None,
         credentials: typing.Optional[typing.Union[_Credentials_2cd64c6b, typing.Dict[builtins.str, typing.Any]]] = None,
         heartbeat: typing.Optional[_Duration_4839e8c3] = None,
@@ -4680,10 +4746,12 @@ class BedrockInvokeModel(
         :param id: Descriptive identifier for this chainable.
         :param model: The Bedrock model that the task will invoke.
         :param accept: The desired MIME type of the inference body in the response. Default: 'application/json'
-        :param body: The input data for the Bedrock model invocation. The inference parameters contained in the body depend on the Bedrock model being used. The body must be in the format specified in the ``contentType`` field. For example, if the content type is ``application/json``, the body must be JSON formatted. The body must be up to 256 KB in size. For input data that exceeds 256 KB, use ``input`` instead to retrieve the input data from S3. You must specify either the ``body`` or the ``input`` field, but not both. Default: Input data is retrieved from the location specified in the ``input`` field
-        :param content_type: The MIME type of the input data in the request. Default: 'application/json'
-        :param input: The source location to retrieve the input data from. Default: Input data is retrieved from the ``body`` field
-        :param output: The destination location where the API response is written. If you specify this field, the API response body is replaced with a reference to the output location. Default: The API response body is returned in the result.
+        :param body: The input data for the Bedrock model invocation. The inference parameters contained in the body depend on the Bedrock model being used. The body must be in the format specified in the ``contentType`` field. For example, if the content type is ``application/json``, the body must be JSON formatted. The body must be up to 256 KB in size. For input data that exceeds 256 KB, use ``input`` instead to retrieve the input data from S3. You must specify either the ``body`` or the ``input`` field, but not both. Default: - Input data is retrieved from the location specified in the ``input`` field
+        :param content_type: (deprecated) The MIME type of the input data in the request. Default: 'application/json'
+        :param guardrail: The guardrail is applied to the invocation. Default: - No guardrail is applied to the invocation.
+        :param input: The source location to retrieve the input data from. Default: - Input data is retrieved from the ``body`` field
+        :param output: The destination location where the API response is written. If you specify this field, the API response body is replaced with a reference to the output location. Default: - The API response body is returned in the result.
+        :param trace_enabled: Specifies whether to enable or disable the Bedrock trace. Default: - Trace is not enabled for the invocation.
         :param comment: An optional description for this state. Default: - No comment
         :param credentials: Credentials for an IAM Role that the State Machine assumes for executing the task. This enables cross-account resource invocations. Default: - None (Task is executed using the State Machine's execution role)
         :param heartbeat: (deprecated) Timeout for the heartbeat. Default: - None
@@ -4706,8 +4774,10 @@ class BedrockInvokeModel(
             accept=accept,
             body=body,
             content_type=content_type,
+            guardrail=guardrail,
             input=input,
             output=output,
+            trace_enabled=trace_enabled,
             comment=comment,
             credentials=credentials,
             heartbeat=heartbeat,
@@ -4748,7 +4818,7 @@ class BedrockInvokeModelInputProps:
     ) -> None:
         '''Location to retrieve the input data, prior to calling Bedrock InvokeModel.
 
-        :param s3_location: S3 object to retrieve the input data from. If the S3 location is not set, then the Body must be set. Default: Input data is retrieved from the ``body`` field
+        :param s3_location: S3 object to retrieve the input data from. If the S3 location is not set, then the Body must be set. Default: - Input data is retrieved from the ``body`` field
 
         :see: https://docs.aws.amazon.com/step-functions/latest/dg/connect-bedrock.html
         :exampleMetadata: fixture=_generated
@@ -4784,7 +4854,7 @@ class BedrockInvokeModelInputProps:
 
         If the S3 location is not set, then the Body must be set.
 
-        :default: Input data is retrieved from the ``body`` field
+        :default: - Input data is retrieved from the ``body`` field
         '''
         result = self._values.get("s3_location")
         return typing.cast(typing.Optional[_Location_0948fa7f], result)
@@ -4814,7 +4884,7 @@ class BedrockInvokeModelOutputProps:
     ) -> None:
         '''Location where the Bedrock InvokeModel API response is written.
 
-        :param s3_location: S3 object where the Bedrock InvokeModel API response is written. If you specify this field, the API response body is replaced with a reference to the Amazon S3 location of the original output. Default: Response body is returned in the task result
+        :param s3_location: S3 object where the Bedrock InvokeModel API response is written. If you specify this field, the API response body is replaced with a reference to the Amazon S3 location of the original output. Default: - Response body is returned in the task result
 
         :see: https://docs.aws.amazon.com/step-functions/latest/dg/connect-bedrock.html
         :exampleMetadata: fixture=_generated
@@ -4851,7 +4921,7 @@ class BedrockInvokeModelOutputProps:
         If you specify this field, the API response body is replaced with
         a reference to the Amazon S3 location of the original output.
 
-        :default: Response body is returned in the task result
+        :default: - Response body is returned in the task result
         '''
         result = self._values.get("s3_location")
         return typing.cast(typing.Optional[_Location_0948fa7f], result)
@@ -4888,8 +4958,10 @@ class BedrockInvokeModelOutputProps:
         "accept": "accept",
         "body": "body",
         "content_type": "contentType",
+        "guardrail": "guardrail",
         "input": "input",
         "output": "output",
+        "trace_enabled": "traceEnabled",
     },
 )
 class BedrockInvokeModelProps(_TaskStateBaseProps_3a62b6d0):
@@ -4912,8 +4984,10 @@ class BedrockInvokeModelProps(_TaskStateBaseProps_3a62b6d0):
         accept: typing.Optional[builtins.str] = None,
         body: typing.Optional[_TaskInput_91b91b91] = None,
         content_type: typing.Optional[builtins.str] = None,
+        guardrail: typing.Optional["Guardrail"] = None,
         input: typing.Optional[typing.Union[BedrockInvokeModelInputProps, typing.Dict[builtins.str, typing.Any]]] = None,
         output: typing.Optional[typing.Union[BedrockInvokeModelOutputProps, typing.Dict[builtins.str, typing.Any]]] = None,
+        trace_enabled: typing.Optional[builtins.bool] = None,
     ) -> None:
         '''Properties for invoking a Bedrock Model.
 
@@ -4931,10 +5005,12 @@ class BedrockInvokeModelProps(_TaskStateBaseProps_3a62b6d0):
         :param timeout: (deprecated) Timeout for the task. Default: - None
         :param model: The Bedrock model that the task will invoke.
         :param accept: The desired MIME type of the inference body in the response. Default: 'application/json'
-        :param body: The input data for the Bedrock model invocation. The inference parameters contained in the body depend on the Bedrock model being used. The body must be in the format specified in the ``contentType`` field. For example, if the content type is ``application/json``, the body must be JSON formatted. The body must be up to 256 KB in size. For input data that exceeds 256 KB, use ``input`` instead to retrieve the input data from S3. You must specify either the ``body`` or the ``input`` field, but not both. Default: Input data is retrieved from the location specified in the ``input`` field
-        :param content_type: The MIME type of the input data in the request. Default: 'application/json'
-        :param input: The source location to retrieve the input data from. Default: Input data is retrieved from the ``body`` field
-        :param output: The destination location where the API response is written. If you specify this field, the API response body is replaced with a reference to the output location. Default: The API response body is returned in the result.
+        :param body: The input data for the Bedrock model invocation. The inference parameters contained in the body depend on the Bedrock model being used. The body must be in the format specified in the ``contentType`` field. For example, if the content type is ``application/json``, the body must be JSON formatted. The body must be up to 256 KB in size. For input data that exceeds 256 KB, use ``input`` instead to retrieve the input data from S3. You must specify either the ``body`` or the ``input`` field, but not both. Default: - Input data is retrieved from the location specified in the ``input`` field
+        :param content_type: (deprecated) The MIME type of the input data in the request. Default: 'application/json'
+        :param guardrail: The guardrail is applied to the invocation. Default: - No guardrail is applied to the invocation.
+        :param input: The source location to retrieve the input data from. Default: - Input data is retrieved from the ``body`` field
+        :param output: The destination location where the API response is written. If you specify this field, the API response body is replaced with a reference to the output location. Default: - The API response body is returned in the result.
+        :param trace_enabled: Specifies whether to enable or disable the Bedrock trace. Default: - Trace is not enabled for the invocation.
 
         :exampleMetadata: infused
 
@@ -4983,8 +5059,10 @@ class BedrockInvokeModelProps(_TaskStateBaseProps_3a62b6d0):
             check_type(argname="argument accept", value=accept, expected_type=type_hints["accept"])
             check_type(argname="argument body", value=body, expected_type=type_hints["body"])
             check_type(argname="argument content_type", value=content_type, expected_type=type_hints["content_type"])
+            check_type(argname="argument guardrail", value=guardrail, expected_type=type_hints["guardrail"])
             check_type(argname="argument input", value=input, expected_type=type_hints["input"])
             check_type(argname="argument output", value=output, expected_type=type_hints["output"])
+            check_type(argname="argument trace_enabled", value=trace_enabled, expected_type=type_hints["trace_enabled"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "model": model,
         }
@@ -5018,10 +5096,14 @@ class BedrockInvokeModelProps(_TaskStateBaseProps_3a62b6d0):
             self._values["body"] = body
         if content_type is not None:
             self._values["content_type"] = content_type
+        if guardrail is not None:
+            self._values["guardrail"] = guardrail
         if input is not None:
             self._values["input"] = input
         if output is not None:
             self._values["output"] = output
+        if trace_enabled is not None:
+            self._values["trace_enabled"] = trace_enabled
 
     @builtins.property
     def comment(self) -> typing.Optional[builtins.str]:
@@ -5214,7 +5296,7 @@ class BedrockInvokeModelProps(_TaskStateBaseProps_3a62b6d0):
 
         You must specify either the ``body`` or the ``input`` field, but not both.
 
-        :default: Input data is retrieved from the location specified in the ``input`` field
+        :default: - Input data is retrieved from the location specified in the ``input`` field
 
         :see: https://docs.aws.amazon.com/bedrock/latest/userguide/model-parameters.html
         '''
@@ -5223,20 +5305,32 @@ class BedrockInvokeModelProps(_TaskStateBaseProps_3a62b6d0):
 
     @builtins.property
     def content_type(self) -> typing.Optional[builtins.str]:
-        '''The MIME type of the input data in the request.
+        '''(deprecated) The MIME type of the input data in the request.
 
         :default: 'application/json'
 
+        :deprecated: This property does not require configuration because the only acceptable value is 'application/json'.
+
         :see: https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_InvokeModel.html
+        :stability: deprecated
         '''
         result = self._values.get("content_type")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def guardrail(self) -> typing.Optional["Guardrail"]:
+        '''The guardrail is applied to the invocation.
+
+        :default: - No guardrail is applied to the invocation.
+        '''
+        result = self._values.get("guardrail")
+        return typing.cast(typing.Optional["Guardrail"], result)
+
     @builtins.property
     def input(self) -> typing.Optional[BedrockInvokeModelInputProps]:
         '''The source location to retrieve the input data from.
 
-        :default: Input data is retrieved from the ``body`` field
+        :default: - Input data is retrieved from the ``body`` field
         '''
         result = self._values.get("input")
         return typing.cast(typing.Optional[BedrockInvokeModelInputProps], result)
@@ -5248,11 +5342,20 @@ class BedrockInvokeModelProps(_TaskStateBaseProps_3a62b6d0):
         If you specify this field, the API response body is replaced with a reference to the
         output location.
 
-        :default: The API response body is returned in the result.
+        :default: - The API response body is returned in the result.
         '''
         result = self._values.get("output")
         return typing.cast(typing.Optional[BedrockInvokeModelOutputProps], result)
 
+    @builtins.property
+    def trace_enabled(self) -> typing.Optional[builtins.bool]:
+        '''Specifies whether to enable or disable the Bedrock trace.
+
+        :default: - Trace is not enabled for the invocation.
+        '''
+        result = self._values.get("trace_enabled")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -24254,6 +24357,76 @@ class GlueStartJobRunProps(_TaskStateBaseProps_3a62b6d0):
         )
 
 
+class Guardrail(
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_stepfunctions_tasks.Guardrail",
+):
+    '''Guradrail settings for BedrockInvokeModel.
+
+    :exampleMetadata: infused
+
+    Example::
+
+        import aws_cdk.aws_bedrock as bedrock
+        
+        
+        model = bedrock.FoundationModel.from_foundation_model_id(self, "Model", bedrock.FoundationModelIdentifier.AMAZON_TITAN_TEXT_G1_EXPRESS_V1)
+        
+        task = tasks.BedrockInvokeModel(self, "Prompt Model with guardrail",
+            model=model,
+            body=sfn.TaskInput.from_object({
+                "input_text": "Generate a list of five first names.",
+                "text_generation_config": {
+                    "max_token_count": 100,
+                    "temperature": 1
+                }
+            }),
+            guardrail=tasks.Guardrail.enable("guardrailId", 1),
+            result_selector={
+                "names": sfn.JsonPath.string_at("$.Body.results[0].outputText")
+            }
+        )
+    '''
+
+    @jsii.member(jsii_name="enable")
+    @builtins.classmethod
+    def enable(cls, identifier: builtins.str, version: jsii.Number) -> "Guardrail":
+        '''Enable guardrail.
+
+        :param identifier: The id or arn of the guardrail.
+        :param version: The version of the guardrail.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__5fa6ebe8b4dbacaaab9ce1d7f96201628e8429b6f1e9480ecaf651f59e53f917)
+            check_type(argname="argument identifier", value=identifier, expected_type=type_hints["identifier"])
+            check_type(argname="argument version", value=version, expected_type=type_hints["version"])
+        return typing.cast("Guardrail", jsii.sinvoke(cls, "enable", [identifier, version]))
+
+    @jsii.member(jsii_name="enableDraft")
+    @builtins.classmethod
+    def enable_draft(cls, identifier: builtins.str) -> "Guardrail":
+        '''Enable guardrail with DRAFT version.
+
+        :param identifier: The identifier of the guardrail. Must be between 1 and 2048 characters in length.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__7303b9390112fa7a595653a20262a8472e6088014bf04484e53c9069efdff499)
+            check_type(argname="argument identifier", value=identifier, expected_type=type_hints["identifier"])
+        return typing.cast("Guardrail", jsii.sinvoke(cls, "enableDraft", [identifier]))
+
+    @builtins.property
+    @jsii.member(jsii_name="guardrailIdentifier")
+    def guardrail_identifier(self) -> builtins.str:
+        '''The identitifier of guardrail.'''
+        return typing.cast(builtins.str, jsii.get(self, "guardrailIdentifier"))
+
+    @builtins.property
+    @jsii.member(jsii_name="guardrailVersion")
+    def guardrail_version(self) -> builtins.str:
+        '''The version of guardrail.'''
+        return typing.cast(builtins.str, jsii.get(self, "guardrailVersion"))
+
+
 class HttpInvoke(
     _TaskStateBase_b5c0a816,
     metaclass=jsii.JSIIMeta,
@@ -34100,6 +34273,7 @@ __all__ = [
     "GlueStartCrawlerRunProps",
     "GlueStartJobRun",
     "GlueStartJobRunProps",
+    "Guardrail",
     "HttpInvoke",
     "HttpInvokeProps",
     "HttpMethod",
@@ -34305,6 +34479,7 @@ def _typecheckingstub__74ee21cd0bad6760da4cd18a6c4cd846a24d69d25b7bac8eb004edf64
     execution_parameters: typing.Optional[typing.Sequence[builtins.str]] = None,
     query_execution_context: typing.Optional[typing.Union[QueryExecutionContext, typing.Dict[builtins.str, typing.Any]]] = None,
     result_configuration: typing.Optional[typing.Union[ResultConfiguration, typing.Dict[builtins.str, typing.Any]]] = None,
+    result_reuse_configuration_max_age: typing.Optional[_Duration_4839e8c3] = None,
     work_group: typing.Optional[builtins.str] = None,
     comment: typing.Optional[builtins.str] = None,
     credentials: typing.Optional[typing.Union[_Credentials_2cd64c6b, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -34341,6 +34516,7 @@ def _typecheckingstub__d2b6c9868cc3485b4ed4a4ef1f89308086ff873bc4d86413aa4b420c9
     execution_parameters: typing.Optional[typing.Sequence[builtins.str]] = None,
     query_execution_context: typing.Optional[typing.Union[QueryExecutionContext, typing.Dict[builtins.str, typing.Any]]] = None,
     result_configuration: typing.Optional[typing.Union[ResultConfiguration, typing.Dict[builtins.str, typing.Any]]] = None,
+    result_reuse_configuration_max_age: typing.Optional[_Duration_4839e8c3] = None,
     work_group: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
@@ -34470,8 +34646,10 @@ def _typecheckingstub__3b20c515efa874adacf78d373dbda10fc59e519a3bd1b280ecbf56409
     accept: typing.Optional[builtins.str] = None,
     body: typing.Optional[_TaskInput_91b91b91] = None,
     content_type: typing.Optional[builtins.str] = None,
+    guardrail: typing.Optional[Guardrail] = None,
     input: typing.Optional[typing.Union[BedrockInvokeModelInputProps, typing.Dict[builtins.str, typing.Any]]] = None,
     output: typing.Optional[typing.Union[BedrockInvokeModelOutputProps, typing.Dict[builtins.str, typing.Any]]] = None,
+    trace_enabled: typing.Optional[builtins.bool] = None,
     comment: typing.Optional[builtins.str] = None,
     credentials: typing.Optional[typing.Union[_Credentials_2cd64c6b, typing.Dict[builtins.str, typing.Any]]] = None,
     heartbeat: typing.Optional[_Duration_4839e8c3] = None,
@@ -34520,8 +34698,10 @@ def _typecheckingstub__a9bf54cbc3850dd1a65ada3b96e97b5e68b7027badd90592dbcc79a35
     accept: typing.Optional[builtins.str] = None,
     body: typing.Optional[_TaskInput_91b91b91] = None,
     content_type: typing.Optional[builtins.str] = None,
+    guardrail: typing.Optional[Guardrail] = None,
     input: typing.Optional[typing.Union[BedrockInvokeModelInputProps, typing.Dict[builtins.str, typing.Any]]] = None,
     output: typing.Optional[typing.Union[BedrockInvokeModelOutputProps, typing.Dict[builtins.str, typing.Any]]] = None,
+    trace_enabled: typing.Optional[builtins.bool] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -36424,6 +36604,19 @@ def _typecheckingstub__6a5a6a067402f20efc3f218ecff8d7cae8c7206cf0bfb73907469d47f
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__5fa6ebe8b4dbacaaab9ce1d7f96201628e8429b6f1e9480ecaf651f59e53f917(
+    identifier: builtins.str,
+    version: jsii.Number,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__7303b9390112fa7a595653a20262a8472e6088014bf04484e53c9069efdff499(
+    identifier: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__380dcb304dd02d709d798634fa365c757bcaa7593ab7542271009736c47d0329(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,

aws_cdk/aws_verifiedpermissions/__init__.py

@@ -143,7 +143,7 @@ class CfnIdentitySource(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param configuration: Contains configuration information about an identity source.
+        :param configuration: Contains configuration information used when creating a new identity source.
         :param policy_store_id: Specifies the ID of the policy store in which you want to store this identity source. Only policies and requests made using this policy store can reference identities from the identity provider configured in the new identity source.
         :param principal_entity_type: Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
         '''
@@ -248,7 +248,7 @@ class CfnIdentitySource(
     def configuration(
         self,
     ) -> typing.Union[_IResolvable_da3f097b, "CfnIdentitySource.IdentitySourceConfigurationProperty"]:
-        '''Contains configuration information about an identity source.'''
+        '''Contains configuration information used when creating a new identity source.'''
         return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnIdentitySource.IdentitySourceConfigurationProperty"], jsii.get(self, "configuration"))
 
     @configuration.setter
@@ -296,8 +296,6 @@ class CfnIdentitySource(
         def __init__(self, *, group_entity_type: builtins.str) -> None:
             '''The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
 
-            This data type is part of a `CognitoUserPoolConfiguration <https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CognitoUserPoolConfiguration.html>`_ structure and is a request parameter in `CreateIdentitySource <https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html>`_ .
-
             :param group_entity_type: The name of the schema entity type that's mapped to the user pool group. Defaults to ``AWS::CognitoGroup`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-cognitogroupconfiguration.html
@@ -1145,7 +1143,7 @@ class CfnIdentitySourceProps:
     ) -> None:
         '''Properties for defining a ``CfnIdentitySource``.
 
-        :param configuration: Contains configuration information about an identity source.
+        :param configuration: Contains configuration information used when creating a new identity source.
         :param policy_store_id: Specifies the ID of the policy store in which you want to store this identity source. Only policies and requests made using this policy store can reference identities from the identity provider configured in the new identity source.
         :param principal_entity_type: Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
 
@@ -1212,7 +1210,7 @@ class CfnIdentitySourceProps:
     def configuration(
         self,
     ) -> typing.Union[_IResolvable_da3f097b, CfnIdentitySource.IdentitySourceConfigurationProperty]:
-        '''Contains configuration information about an identity source.
+        '''Contains configuration information used when creating a new identity source.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-identitysource.html#cfn-verifiedpermissions-identitysource-configuration
         '''
@@ -1263,7 +1261,7 @@ class CfnPolicy(
 
     You can create either a static policy or a policy linked to a policy template.
 
-    You can directly update only static policies. To update a template-linked policy, you must update it's linked policy template instead.
+    You can directly update only static policies. To update a template-linked policy, you must update its linked policy template instead.
 
     - To create a static policy, in the ``Definition`` include a ``Static`` element that includes the Cedar policy text in the ``Statement`` element.
     - To create a policy that is dynamically linked to a policy template, in the ``Definition`` include a ``Templatelinked`` element that specifies the policy template ID and the principal and resource to associate with this policy. If the policy template is ever updated, any policies linked to the policy template automatically use the updated template.
@@ -2056,7 +2054,7 @@ class CfnPolicyStore(
 
             If the validation mode for the policy store is set to ``STRICT`` , then policies that can't be validated by this schema are rejected by Verified Permissions and can't be stored in the policy store.
 
-            :param cedar_json: A JSON string representation of the schema supported by applications that use this policy store. For more information, see `Policy store schema <https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html>`_ in the *Amazon Verified Permissions User Guide* .
+            :param cedar_json: A JSON string representation of the schema supported by applications that use this policy store. For more information, see `Policy store schema <https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html>`_ in the AVP User Guide.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policystore-schemadefinition.html
             :exampleMetadata: fixture=_generated
@@ -2082,7 +2080,7 @@ class CfnPolicyStore(
         def cedar_json(self) -> typing.Optional[builtins.str]:
             '''A JSON string representation of the schema supported by applications that use this policy store.
 
-            For more information, see `Policy store schema <https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html>`_ in the *Amazon Verified Permissions User Guide* .
+            For more information, see `Policy store schema <https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html>`_ in the AVP User Guide.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policystore-schemadefinition.html#cfn-verifiedpermissions-policystore-schemadefinition-cedarjson
             '''

aws_cdk/aws_wafv2/__init__.py

@@ -5476,9 +5476,11 @@ class CfnRuleGroup(
 
             Example JSON: ``"JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }``
 
+            For additional information about this request component option, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
+
             :param match_pattern: The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria.
             :param match_scope: The parts of the JSON to match against using the ``MatchPattern`` . If you specify ``ALL`` , AWS WAF matches against keys and values. ``All`` does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical ``AND`` statement to combine two match rules, one that inspects the keys and another that inspects the values.
-            :param invalid_fallback_behavior: What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:. - ``EVALUATE_AS_STRING`` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. AWS WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array. AWS WAF parses the JSON in the following examples as two valid key, value pairs: - Missing comma: ``{"key1":"value1""key2":"value2"}`` - Missing colon: ``{"key1":"value1","key2""value2"}`` - Extra colons: ``{"key1"::"value1","key2""value2"}``
+            :param invalid_fallback_behavior: What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:. - ``EVALUATE_AS_STRING`` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. .. epigraph:: AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
             :param oversize_handling: What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. The options for oversize handling are the following: - ``CONTINUE`` - Inspect the available body contents normally, according to the rule inspection criteria. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. You can combine the ``MATCH`` or ``NO_MATCH`` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. Default: ``CONTINUE``
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-jsonbody.html
@@ -5556,14 +5558,9 @@ class CfnRuleGroup(
             - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
 
             If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters.
+            .. epigraph::
 
-            AWS WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array.
-
-            AWS WAF parses the JSON in the following examples as two valid key, value pairs:
-
-            - Missing comma: ``{"key1":"value1""key2":"value2"}``
-            - Missing colon: ``{"key1":"value1","key2""value2"}``
-            - Extra colons: ``{"key1"::"value1","key2""value2"}``
+               AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-jsonbody.html#cfn-wafv2-rulegroup-jsonbody-invalidfallbackbehavior
             '''
@@ -14956,9 +14953,11 @@ class CfnWebACL(
 
             Example JSON: ``"JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }``
 
+            For additional information about this request component option, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
+
             :param match_pattern: The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria.
             :param match_scope: The parts of the JSON to match against using the ``MatchPattern`` . If you specify ``ALL`` , AWS WAF matches against keys and values. ``All`` does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical ``AND`` statement to combine two match rules, one that inspects the keys and another that inspects the values.
-            :param invalid_fallback_behavior: What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:. - ``EVALUATE_AS_STRING`` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. AWS WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array. AWS WAF parses the JSON in the following examples as two valid key, value pairs: - Missing comma: ``{"key1":"value1""key2":"value2"}`` - Missing colon: ``{"key1":"value1","key2""value2"}`` - Extra colons: ``{"key1"::"value1","key2""value2"}``
+            :param invalid_fallback_behavior: What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:. - ``EVALUATE_AS_STRING`` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. .. epigraph:: AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
             :param oversize_handling: What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. The options for oversize handling are the following: - ``CONTINUE`` - Inspect the available body contents normally, according to the rule inspection criteria. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. You can combine the ``MATCH`` or ``NO_MATCH`` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. Default: ``CONTINUE``
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-jsonbody.html
@@ -15036,14 +15035,9 @@ class CfnWebACL(
             - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
 
             If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters.
+            .. epigraph::
 
-            AWS WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array.
-
-            AWS WAF parses the JSON in the following examples as two valid key, value pairs:
-
-            - Missing comma: ``{"key1":"value1""key2":"value2"}``
-            - Missing colon: ``{"key1":"value1","key2""value2"}``
-            - Extra colons: ``{"key1"::"value1","key2""value2"}``
+               AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-jsonbody.html#cfn-wafv2-webacl-jsonbody-invalidfallbackbehavior
             '''